----------------------------------------------------------------------------
Website exploits - begginners guide
https://youtu.be/oG5qB80NOeE
---------------------------------------------------------------------------
#ethical_hacking #penetration_testing
Whether you want to find hidden urls / directories or look for SQL Injections and XSS attacks, In this video you can see the best / easiest way to do that. I'm going to use and rank the 5 best website scanners to see which one can capture all the exploits on very vulnerable websites that I have setup.
Those website scanners are free to use and install.
Educational purposes only
I’m going to show how to use:
- Nikto
- Skipfish
- Wapiti
- OWASP-ZAP
- Xsser
With and without authentication on the website.
Chapters:
0:00 Intro
1:05 Nikto: Simple and general vulnerability scanner
2:44 Skipfish: Build a website map and find hidden URLs / files
7:28 Wapiti: Find all vulnerabilities and exploit them from the terminal
11:48 OWASP-ZAP: All exploitations using a GUI
13:37 Xsser: Super good super specialised XSS
Sources:
https://cirt.net/Nikto2
https://www.kali.org/tools/skipfish/
https://wapiti-scanner.github.io/
https://www.zaproxy.org/
https://xsser.03c8.net/
Setup OWASP-ZAP with DVWA:
https://augment1security.com/authentication/dvwa-authentication/
https://www.zaproxy.org/faq/details/setting-up-zap-to-test-dvwa/
