First stage of hacking is information gathering in which we discover the IP, domain, open ports, services versions, operating system etc. of victim’s system. But only information gathering is not sufficient for hacking. Second stage of hacking is vulnerability analysis in which we find the weaknesses in system of victim and using these weaknesses we access the system of victim. But we could not start vulnerability analysis without information gathering. In this post we will discuss some GUI tools of kali Linux to find vulnerabilities in the system of our victim to attack. But every vulnerability is not exploitable means that we could not access the system by using every vulnerability. So, more important is that vulnerability must be exploitable to access the system or website. One more thing in vulnerability analysis is that vulnerability has three main levels. Low level is not mostly exploitable. High level is mostly exploitable. Medium level may or may not be exploitable. Vulnerability and information both are important to access a system. We could not separate them because both are required to exploit and access the system. Information is nothing without vulnerability. So, let’s start vulnerability analysis.
a) VEGA
It is the vulnerability finding tool of the kali Linux that is used to find vulnerabilities of different kinds in target website. It is very important tool that works in graphical user interface mode. It is very helpful during hacking of website and a hacker must learn it. You can install it using following steps. To install it java must be install in your kali Linux. Then go to the website (https://subgraph.com/vega/download/) , click on (download) and then click on (link gtk 64 bit intel) and vega will download in yours (downloads) folder. Unzip the folder. Then open the (vega) folder. Here you will see a file (vega). To run vega run (vega) file by following commands.
(chmod +x vega)
(./ vega)
After this vega will start and you can use it. Now to scan website click on (scan) on the top, and then click on (start new scan). Then enable the option (enter a base URL for scan) and then paste link of your target website in box below. Click on (next). Then tick on all options (injection modules) and in (response processing module) to scan website completely, then click on (next) and the on (finish). After finishing scanning (vega) will show (high), (medium) and (Low) vulnerabilities as shown in the figure. Information provided by (vega) will help you very much during hacking target website. To see more information about different vulnerabilities click on (scan alerts) and click on (high) or (low) or (medium) and then click on
Vulnerabilities shown by vega tool in detail with links
(vulnerabilities). As a result on a side the information will appear. By clicking on (links) you can find more information in more detail about specific vulnerability. So you should use vega. Good luck for good work in vega.
b) OWASP ZAP:
It is the vulnerability finding tool of kali Linux that is used to find different vulnerabilities or weaknesses in websites. It works in graphical user interface mode. It is very important tool of kali Linux that helps very much during hacking of a website and it is very easy to use. OWASP ZAP can be installed in your kali Linux or you can installed it yourself, by following steps java must be installed in your kali Linux.
Go to the website (zap.proxy.org)
Click on (Download Zap)
Linux installer of owasp zap
And download (Linux installer)
Then go to your (Download folder and (open terminal here)
Run these commands to install owasp zap:
(chmod +x zap _2_7_0_ unix.sh)
(./zap=2_7_0_ unix.sh)
Click on (next), (next), (next) and then(install).
Installing owasp zap in kali Linux
After this owasp zap will install on your kali Linux and you can use it.
1)
BASIC
INTERFACE OF OWASP ZAP:
Interface of owasp zap
On the top owasp zap has the (menu bar), 2nd is the (Tool bar) that has different tools of owasp zap for information gathering. Then there is a (Tree window), then it has workspace window to do work related to information about or target, and at there is (footer bar) having some tools.
2) CONFIGURATION OF DYNAMIC SSL CERTIFICATE IN OWASP ZAP:
For the working of owasp zap in managed way configuration of (dynamic SSL certificate) by following steps.
Open the owasp zap and click on (Tools) and in (Tools) click on (options) then click on (Dynamic SSL certificate) and click on (save) and save it in your computer anywhere you want. Then to important the certificate in Firefox open the (Firefox) and click on (menu items) and then click on (settings). Click on (privacy and security) then click on (view certificates) Then click on (import) and then select your saved certificate from your and click (open).
SSL certificate of owasp zap
Then tick the option (trust this certificate to identify websites) and click on (ok) and again (ok) Then (dynamic SSL certificate) will configur in Firefox and you ca use the owasp zap in your kali Linux system.
3) CONFIGURATION OF PROXY IN OWASP ZAP:
Proxy setting is also very important for proper working of owasp zap otherwise no website will open in your any browser. So, for proxy setting open the owasp zap, in your kali Linux and click on (Tools ) and then click on (option) and then click on (local proxies) and set your port as (8081) and then click on (ok).
Proxy setting in owasp zap
Now to set proxy in your (Firefox) browser. Open the (Firefox) and click on (menu) and click on setting. Then click on (network settings) and tick the option (manual proxy) and type (localhost) and set (port) same as you set in owasp zap as (8081), also tick the option (Also use the proxy for FTP and HTTPS) and click (ok).
Proxy setting in browser
After this proxy will figure and you can use owasp zap. Now any work that you do no your browser will pass from owasp zap and now you can analyze different websites. Now we will discuss about the working of owasp zap in kali Linux for vulnerability testing. Request capturing in owasp zap:
4) REQUEST CAPTURING IN OWASP ZAP:
First of all we will discuss that how to capture request in owasp zap. So set the proxy in owasp zap and in Firefox. Now as you will open the target website then requests and your work will be capture in owasp zap. To see (request) and (response) in (workspace window). Then you can see request and response of your target websites. By clicking on green icon you can capture requests directly. To capture a specific request (right click) on it in (information window) and click on (show in sight tab) and it will highlight in (tree window).
Request captured by owasp zap for vulnerability analysis
To avoid any request (right click) on it and click on (break) use of manual explore option for vulnerability testing:
5) USE OF MANUAL EXPLORE OPTION IN OWASP ZAP FOR VULNERABILITY TESTING:
This is very useful and important option of the owasp zap that is used to find the vulnerability in our target website. Open this option and put the link of your target website in front of option (URL to explore) then choose your browse like (Firefox) and click on (launch browser) to see the error massage click on (alert) in information window and you can find more detail by clicking on any error message.
Vulnerabilities found in target website
If you enter wrong things or information or request in your target website and no error message is recorded in owasp zap then it means website is vulnerable. By the (manual explore) option you can some vulnerabilities in your target website.
SPIDERING:
Spider website in owasp zap
Spider is also a very important function in finding vulnerability. In this work we enable the option (spider) in owasp zap and it checks different link related to target website and find the parameters and vulnerabilities.
To enable spider option, in owasp zap click on (+) icon in information window and then click on (spider). Then to set target click on (new scan), then paste the link of your target website in front of option (starting point), then click on (start scan). As a result in (information window) you can see the different parameters, URL founded by (right clicking) on it in (tree bar). Then click on (attack) and then on (spider), so you can find more information.
6) VULNERABILITY IDENTIFICATION IN A PAGE OF WEBSITE:
We can find the vulnerabilities in our target website by (Active scan) in owasp zap. Let’s consider that we want to find vulnerability in (login page) of website. So, open the login page and enter incorrect (username) and (password). This login page will be captured in (information window) (Right click) on (login page) URL in (window) and click on (show in sight tab). Then it will highlight in (tree bar). Right click on the (login link), click on (Attack) and click on (active scan) then click on (start scan. To see vulnerabilities will appear in (information window).
Vulnerability test in a single page of website
By clicking on specific vulnerability you can find more details. By same method you can find vulnerabilities in any page of any target website.
7) ACTIVE SCAN OF COMPLETE WEBSITE:
First we will discuss about the scanning of single page. Now we will discuss about the scanning of whole website in owasp zap. To do click on (Automated scan in (workspace window). Then paste the main URL or link in front of option (URL to attack) then click on (Alerts) you can find vulnerabilities and by clicking on any vulnerability you can find more details.
Detail of complete website
8) GENERATING VULNERABILITY REPORT IN OWASP ZAP:
After finding the vulnerability in target of website it is very important to generate the vulnerability report in owasp zap to send it to the server of website. To generate report first of all (delete) the unwanted links from (tree bar), the click on (report) in (menu bar), click on (generate html report).Then type the report name and select the location where want to (save) the report. After this html report will generate and you can send it server of website.
Vulnerabilities report in owasp zap
There are many more options that you can use but important are those that I discussed. You can use option as you wish. So good luck for good hacking.