# PenTesting Peanut Gallery

Really enjoyed getting a crash course in InfoSec and PenTesting by Dean at the Ctrl-H HackerSpace meetup. Here’s how to get some tools for easy, ethical hacking.

sqlmap

```sh
git clone git@github.com:sqlmapproject/sqlmap.git
# pip install -e pwd/sqlmap/  # no joy, help them with a PR setup.py?
```


Give sqlmap a URL with a `?id=42` at the end of it and you might get lucky. I may try to pull out links from the twip scraped tweets and sqlmap the ones with a GET query that looks SQL-ish. Would have to follow the bit.ly redirects before it would be possible to filter them, but what the heck, my server has cycles to spare.

```sh
python sqlmap.py -a -u vuln.com?id=42
```
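As an added example (not code from the original post), here is a small Python filter for the "GET query that looks SQL-ish" idea above, written for scoping an authorized test of your own site: it takes an inventory of URLs (the constructed sample below stands in for your own access logs or sitemap), parses each query string, and flags the parameters whose values are bare integers, the `?id=42` shape the post points sqlmap at, so those endpoints can be reviewed for parameterized queries first. Tweet scraping and bit.ly redirect following are left out; the URLs are assumed to be final.

```python
from urllib.parse import urlparse, parse_qsl


def sqlish_params(url):
    """Return the (name, value) pairs in url's query string whose value is
    all digits, i.e. looks like a row identifier. Empty list if none."""
    parts = urlparse(url)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.isdigit():
            hits.append((name, value))
    return hits


def triage(urls):
    """Group an inventory of URLs by host+path, keeping only those that carry
    an integer-valued GET parameter. Returns {host_path: sorted param names}.
    Each entry is an endpoint to check for parameterized queries before any
    authorized sqlmap run."""
    by_path = {}
    for url in urls:
        hits = sqlish_params(url)
        if not hits:
            continue
        parts = urlparse(url)
        key = f"{parts.netloc}{parts.path}"
        by_path.setdefault(key, set()).update(name for name, _ in hits)
    return {key: sorted(names) for key, names in by_path.items()}


# Constructed sample inventory (example.test is not a real site).
SAMPLE_URLS = [
    "https://example.test/item.php?id=42",
    "https://example.test/item.php?id=43&ref=home",
    "https://example.test/search?q=shoes",
    "https://example.test/user/profile?uid=7&tab=posts",
    "https://example.test/static/logo.png",
]

if __name__ == "__main__":
    for endpoint, params in sorted(triage(SAMPLE_URLS).items()):
        print(f"{endpoint}: {', '.join(params)}")
```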


Another python-ish tool is Wapiti. Not sure how it works, but this tool has a bunch of python CLI tools for scanning networks.

```sh
curl -O -L http://downloads.sourceforge.net/project/wapiti/wapiti/wapiti-2.3.0/wapiti-2.3.0.tar.gz
tar xvzf wapiti-2.3.0.tar.gz
```


An enterprise (Windoze) security expert showed up late and talked about following infosec since the opensource, CLI BackTrack days. BackTrack is a linux distro with a lot of pen testing tools installed/configured. Kali is a similar set of tools used for Enterprise testing. He mentioned Nessus’s open source fork, OpenVAS. He says it fizzled, as the community deflated when Nessus went closed source. But here’s how to get by sourceforge click-traps and snag it:

```sh
curl -L -O http://wald.intevation.org/frs/download.php/2325/greenbone-security-assistant-6.1+beta4.tar.gz
```


So with these two keywords it was a cinch to find high-traffic security tools lists like these: