5 best website pentesting tools on Kali Linux (tutorial)

Рет қаралды 67,531

Күн бұрын

----------------------------------------------------------------------------
Website exploits - begginners guide
• you NEED to learn webs...
---------------------------------------------------------------------------
#ethical_hacking #penetration_testing
Whether you want to find hidden urls / directories or look for SQL Injections and XSS attacks, In this video you can see the best / easiest way to do that. I'm going to use and rank the 5 best website scanners to see which one can capture all the exploits on very vulnerable websites that I have setup.
Those website scanners are free to use and install.
Educational purposes only
I’m going to show how to use:
- Nikto
- Skipfish
- Wapiti
- OWASP-ZAP
- Xsser
With and without authentication on the website.
Chapters:
0:00 Intro
1:05 Nikto: Simple and general vulnerability scanner
2:44 Skipfish: Build a website map and find hidden URLs / files
7:28 Wapiti: Find all vulnerabilities and exploit them from the terminal
11:48 OWASP-ZAP: All exploitations using a GUI
13:37 Xsser: Super good super specialised XSS
Sources:
cirt.net/Nikto2
www.kali.org/tools/skipfish/
wapiti-scanner.github.io/
www.zaproxy.org/
xsser.03c8.net/
Setup OWASP-ZAP with DVWA:
augment1security.com/authenti...
www.zaproxy.org/faq/details/s...

Пікірлер: 41

@waylonbraswell8445 2 жыл бұрын

This video is gold to someone getting started in bounties.. great video!

@mdatheeb Жыл бұрын

Super useful video thank you for sharing with us!!!

@gamingrampage2898 Жыл бұрын

thank you so much..........so much things to learn

@user-eq1er5lh3d Жыл бұрын

Greta tools and great explanation!!!!!!!!!! Thank you)

@everytimemotivation1669 2 жыл бұрын

I love your video 🙏❤️😊 nice 🙏❤️😊

@imnoname9259 Жыл бұрын

Thanks, bro ❤❤❤❤❤❤❤❤

@ricardoluvega Жыл бұрын

Thank you

@Vigilantisim 2 ай бұрын

Can I do it in Android as I have installed kali nethunter

@siddhubora6241 11 ай бұрын

How do I get that source address ,that address shown in here is not working

@giop1207 Жыл бұрын

I really enjoyed your video, Nour, and your nice relaxing way to explain things !! May I ask why that link for Setup OWASP-ZAP with DVWA is gone/not working, is it permanent or can I see it somewhere else?? Greetings G

@nourtechtalk Жыл бұрын

Hey Gio, I will check it out and see whats up

@nourtechtalk Жыл бұрын

Hi Gio, I have added a second link. The first one also works for me so I'm not sure where it went wrong

@giop1207 Жыл бұрын

Hello Nour, it works!! Thank you very much!! Greetings from the Netherlands

@razerstride1178 Жыл бұрын

Does Nikto also support https?

@user-rc9fy2pi1g 7 ай бұрын

thanks btrother..next to video "how to fix access file in file directory web browser,,,,after scanner use a zaproxi"..plese

@ikehkenechukwu838 Жыл бұрын

I’m still confused 🤷‍♂️ how do you all get the IP address of your chosen target

@online__Money Жыл бұрын

Super ❤

@nourtechtalk Жыл бұрын

Thanks 🔥

@ZaneEddy 3 ай бұрын

Btw i must say for api fuzzing and scanning sn1per is amazing for other things also but you get a lot of results in my experience compared to some others.

@shadowz7076 Жыл бұрын

is there any scanner that works on mobile platform for scanning website??

@nourtechtalk Жыл бұрын

Good question. I'm gonna check it out and maybe do a video about

@scott8964 Жыл бұрын

Could you please inlarge text so it is easier to follow along

@nourtechtalk Жыл бұрын

Thats a good suggestion 👌 I will make sure I add it to future videos

@hemanacademyandsecurity Жыл бұрын

According to you which is best scanner! wapiti seems me better.

@nourtechtalk Жыл бұрын

Yeah I love Wapiti But some people like the user interface

@bullsen7120 Жыл бұрын

😍

@user-pv5ik8kn4h Жыл бұрын

😊

@MarkVikram 2 ай бұрын

Create a Bluetooth hack video

@gamingrampage2898 Жыл бұрын

Bro we can use it in bug bounty

@nourtechtalk Жыл бұрын

Of course you can I'm also going to make a video about more advanced scanners soon

@securityresearches2796 Жыл бұрын

Show Nuclei 😀

@nourtechtalk Жыл бұрын

Good suggestion! I have added it to my list of ideas for future videos. Thank you!

@f4b1022 2 жыл бұрын

+1 Sub

@DexterSKUpload Жыл бұрын

Please, wake up, its 2022 not 2000

@nourtechtalk Жыл бұрын

Why? Which part did you find to be outdated?

@GokuXxx-o3q Күн бұрын

Get out What the hell your doing here

@videocorner2498 Жыл бұрын

What about ((dixode ))to hack web?

@nourtechtalk Жыл бұрын

Could you send me a link to that scanner?

@sahibtemkar5967 Жыл бұрын

Can we talk on Instagram

@nourtechtalk Жыл бұрын

Hi Sahib, You can find all my contact info in the about section of the channel