
How to Scan Websites for Vulnerabilities with an Android Phone Without Root « Null Byte :: WonderHowTo



Auditing websites and detecting vulnerabilities can be a challenge. By combining RapidScan and UserLAnd, anyone with an unrooted Android phone can scan websites for vulnerabilities with a few simple commands.

RapidScan does an excellent job of automating the deployment of vulnerability scanners and website auditing software. It supports a variety of effective and remarkable tools that make finding common website vulnerabilities extremely easy. In conjunction with an app like UserLAnd, you can turn any unrooted Android phone into a fully functional web hacking device.

Step 1: Install UserLAnd and Import Kali Repositories

UserLAnd is an Android app that lets users quickly and easily install Linux distributions on the Android operating system without rooting the device. That way, we can create a Debian operating system (OS) and import the Kali tool repositories for full access to some of the best website auditing and hacking tools. The full installation process for UserLAnd is described in our guide on turning an Android phone into a hacking device.

Disclaimer: UserLAnd has limitations. Without root access, for example, some of the tools used by RapidScan are not fully supported. Certain Nmap and Nikto commands sometimes hang or fail outright. Keep this in mind when scanning: just press Ctrl + C to skip a specific scan, and RapidScan will automatically proceed to the next one. Similarly, Android's Wi-Fi interface cannot be put into monitor mode, so traditional Wi-Fi hacking tools like Aircrack-ng will not work.

Step 2: Install the RapidScan Dependencies

To get started, log into the Kali or Debian OS in UserLAnd using either the built-in SSH feature or an SSH client such as ConnectBot, then open a root terminal to execute the following commands:

  su

Next, install the many hacking tools used by RapidScan with the following apt-get command. It's worth noting that not all of the following tools are required to run RapidScan. If RapidScan cannot find a specific tool installed, it will skip that tool and move on to the next one.

  apt-get install python screen wapiti whatweb nmap golismero host wget uniscan wafw00f dirb davtest theharvester xsser dnsrecon fierce dnswalk whois sslyze lbd dnsenum dmitry nikto dnsmap

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
docutils-common docutils-doc gir1.2-glib-2.0 libgirepository-1.0-1 libnet-netmask-perl libpaper-utils libpaper1
libpython-all-dev libstring-random-perl libxml-writer-perl nmap-common python-all python-all-dev python-bson python-dbus
python-docutils python-entry-points python-gi python-gridfs python-keyring python-keyrings.alt python-pip python-pip-whl
The following packages will be upgraded:
nmap-common python-pkg-resources wget
4 upgraded, 45 newly installed, 0 to remove and 181 not upgraded.
Need to get 29.2 MB of archives.
After this operation, 96.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

This installation process may take up to an hour, depending on the network speed and the CPU of the Android device. Make sure the Android device stays on while the packages are being downloaded and installed. While that happens, let's take a look at the tools being installed.

WhatWeb

WhatWeb is used to identify website technologies and software version information. It contains over 1,750 plugins that can recognize blogging platforms, JavaScript libraries, web server fingerprints, and content management systems (CMS), just to name a few.

DNSRecon

DNS resolution turns domain names (such as wonderhowto.com) into IP addresses that servers and computers can use. DNSRecon is a comprehensive DNS (Domain Name System) enumeration and detection tool. To give you an idea of its capabilities, it can perform the following advanced tasks:

Nmap

Nmap is a port scanner and network discovery tool. It's a full-featured tool that lets you discover hosts, detect CVEs, and perform a variety of advanced scanning techniques. As mentioned earlier, some Nmap features are currently not supported by UserLAnd. If you run into problems, open a new GitHub issue to help the developers.

WAFW00F

A web application firewall (WAF) detects and blocks malicious traffic to and from the web server it protects. WAFW00F can fingerprint and identify web application firewall technologies by sending an HTTP request to the site and analyzing the response. Currently, it can identify over 45 common web application firewall solutions, such as CloudFlare, Sucuri, ModSecurity, and Incapsula.

GoLismero

GoLismero is a web application security testing framework that can be used to test websites and runs on Windows 10, Linux, and macOS (OS X).

DAVTest

Web Distributed Authoring and Versioning (WebDAV) is an extension of HTTP that allows web servers to behave like file servers, which lets system administrators create and edit files remotely. DAVTest tests WebDAV-enabled servers by uploading executable files and checking for command execution vulnerabilities. With DAVTest, penetration testers can quickly determine whether a particular WebDAV server is exploitable.

Uniscan

Uniscan is a simple tool that can detect remote file inclusion (RFI), local file inclusion (LFI), and remote command execution (RCE) vulnerabilities. It can also detect SQL and PHP CGI argument injection, crawl for hidden files and directories, and fingerprint web servers.

WHOIS

WHOIS is a query and response protocol used by a variety of software and websites to look up domain ownership data. The whois command-line tool provides easy access to domain owner contact information and IP address assignments for informational purposes.

DIRB

DIRB is a web content scanner and web object discovery tool that performs dictionary-based attacks against web servers.

Load Balance Detector (Lbd)

Load balancing refers to the efficient distribution of incoming network traffic across a large pool (or "farm") of servers. To deliver consistent and reliable content to their visitors cost-effectively, large websites (such as Facebook or Instagram) rely on load-balancing solutions. Lbd attempts to determine whether a particular website uses DNS or HTTP load balancing by comparing the server response headers.

Wapiti

Wapiti is a website and web application auditing tool. It supports both the GET and POST HTTP methods, generates detailed vulnerability assessment reports, and allows custom HTTP headers. Wapiti is able to detect a variety of vulnerabilities, including:

TheHarvester

TheHarvester is an open-source information gathering tool designed for penetration testers in the early stages of black-box penetration tests and red team engagements. It can perform virtual host checks, DNS enumeration, reverse DNS lookups, IP lookups, and Shodan queries.

XSSer

Cross-Site Scripter (XSSer) is an automation tool that attempts to detect and exploit cross-site scripting (XSS) vulnerabilities in web applications and websites. It also includes several options for bypassing XSS detection filters.

SSLyze

Transport Layer Security (TLS) is a cryptographic protocol that enables secure communication between computers over the Internet. SSLyze analyzes the SSL/TLS configuration of a particular website and reports misconfigurations and critical vulnerabilities.

DMitry

DMitry is an information gathering tool that seeks to collect as much information as possible about a host. It gathers subdomains, email addresses, uptime information, open port details, whois lookup results, and more.

Nikto

Nikto is a vulnerability scanner that performs countless in-depth tests against web servers. Among its many scan functions, it looks for outdated software, server misconfigurations, and weak HTTP headers, performs directory checks, and supports many plugins that further extend its functionality.

DNSmap

DNSmap is another DNS enumeration tool used during the information gathering phase of a penetration test. Brute-forcing subdomains is a widely used and effective way of finding additional servers and IP addresses controlled by a target website or company.

Step 3: Clone the RapidScan Repository

Now that we have a good idea of what these tools are, clone the RapidScan repository and start scanning sites.

  git clone https://github.com/skavngr/rapidscan

Cloning into 'rapidscan'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 449 (delta 0), reused 1 (delta 0), pack-reused 446
Receiving objects: 100% (449/449), 2.37 MiB | 100.00 KiB/s, done.
Resolving deltas: 100% (261/261), done.

Then change (cd) into the newly created "rapidscan/" directory.

  cd rapidscan/

Then make the rapidscan.py script executable.

  chmod +x rapidscan.py

Step 4: Launcher (optional)

With Android and UserLAnd, the SSH connection may drop unexpectedly during long, time-consuming scans. SSH drops can cause in-progress scans to be aborted and fail, usually without saving the collected scan results. Alternatively, RapidScan may keep running in the background with no way to reattach to the session and check its progress.

Screen keeps terminal sessions alive when the SSH connection is suddenly disconnected. To start a new screen session, just type screen into the terminal.

  screen

Step 5: Launch RapidScan

RapidScan's help options and legend can be viewed with the --help argument.

  ./rapidscan.py --help

(The Web-Vulnerability Multi-Tool Scanner)

Information:
------------
./rapidscan.py example.com: Scans the domain example.com.
./rapidscan.py --update: Updates the scanner to the latest version.
./rapidscan.py --help: Displays this help context.

Interactive:
------------
Ctrl + C: Skips the current test.
Ctrl + Z: Quits RapidScan.

Legends:
--------
[�]: Scan may take longer (unpredictable).
[�]: Scan may take less than 10 minutes.
[�]: Scan may take less than a minute or two.

Vulnerability Information:
--------------------------
Critical: Requires immediate attention, as it may lead to compromise or service unavailability.
High: May not lead to an immediate compromise, but there is a high probability of one.
Medium: Attackers may correlate multiple vulnerabilities of this type to launch a sophisticated attack.
Low: Not a serious issue, but it is recommended to attend to the finding.
Info: Not classified as a vulnerability, simply a useful informational alert.

If you want to scan a website, just specify the target domain and RapidScan does the rest.

  ./rapidscan.py target.com

RapidScan runs many tools. Depending on the network speed, the response time of the target domain, and the Android CPU, scanning a single website can take up to three hours.
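Steps 2, 4, and 5 together amount to a small launch procedure: confirm which of the installed tools are actually present (RapidScan silently skips the ones it cannot find, which explains gaps in a report), then start the scan inside screen so an SSH drop from the phone neither kills it nor loses its output. The POSIX shell script below is an added example that is not part of the Null Byte article or the RapidScan project. It assumes you run it from the cloned rapidscan/ directory, that your GNU screen supports the -L -Logfile options (version 4.06 or later), and that the tool list is the apt-get line from Step 2; the script name scan.sh is ours.

```shell
#!/bin/sh
# Added example, not code from the Null Byte article or the RapidScan project.
# Assumptions (ours): run from the cloned rapidscan/ directory, GNU screen
# 4.06+ for "-L -Logfile", and the tool list is the apt-get line from Step 2.

RAPIDSCAN_TOOLS="nmap nikto whatweb wafw00f dirb uniscan wapiti sslyze dnsrecon \
dnsenum dnsmap fierce dnswalk whois theharvester xsser lbd golismero davtest \
dmitry host wget"

# missing_tools LIST: print the names in LIST that are not on PATH (one line,
# space separated) and return 0 if nothing is missing, 1 otherwise.
# RapidScan skips tools it cannot find, so knowing the gaps up front tells you
# which sections of the final report will be empty.
missing_tools() {
    _missing=""
    for _t in $1; do
        command -v "$_t" >/dev/null 2>&1 || _missing="$_missing $_t"
    done
    _missing="${_missing# }"
    if [ -n "$_missing" ]; then
        printf '%s\n' "$_missing"
        return 1
    fi
    return 0
}

# valid_target NAME: accept only a plain hostname (letters, digits, dots and
# hyphens) so a typo or a shell metacharacter never reaches the scanner.
valid_target() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# launch_scan NAME: start "./rapidscan.py NAME" in a detached screen session
# called "rapidscan" and log the whole session to rapidscan-NAME.log, so the
# output survives even if the SSH connection to the phone drops.
launch_scan() {
    _target="$1"
    if ! valid_target "$_target"; then
        echo "launch_scan: '$_target' is not a plain hostname" >&2
        return 1
    fi
    if [ ! -x ./rapidscan.py ]; then
        echo "launch_scan: run this from rapidscan/ after chmod +x rapidscan.py" >&2
        return 1
    fi
    _gaps=$(missing_tools "$RAPIDSCAN_TOOLS") || \
        echo "launch_scan: not installed, RapidScan will skip: $_gaps" >&2
    screen -dmS rapidscan -L -Logfile "rapidscan-$_target.log" \
        ./rapidscan.py "$_target"
    echo "scan started in screen session 'rapidscan'; reattach with: screen -r rapidscan"
}

# Usage: sh scan.sh example.com
if [ "$#" -gt 0 ]; then
    launch_scan "$1"
fi
```

Reattach later with screen -r rapidscan, or just read rapidscan-example.com.log once the session has finished; the log keeps the per-tool progress output that the "RS-Vulnerability-Report" file described in Step 6 does not.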

Step 6: Analyze the RapidScan Vulnerability Reports

Once RapidScan has finished scanning the target domain, a report with the results will be saved in the rapidscan/ directory under the file name "RS-Vulnerability-Report". Vulnerability reports can easily accumulate over 300 lines of data, so use the less command to view the file rather than cat; less lets you scroll through the report with the Up and Down arrow keys.

  less RS-Vulnerability-Report

The detailed output of each scan is appended to the "RS-Vulnerability-Report" file. Scan error messages are also included in the file and indicate whether a particular tool's scan succeeded or not.

That's all there is to it! RapidScan is a powerful automation tool that simplifies website auditing. With a few commands, anyone with an unrooted Android device can scan for vulnerabilities and exploits. If you have questions or concerns, please leave a comment below.

Don't miss: Easily Detect CVEs with Nmap Scripts

Cover image and screenshots by distortion/Null Byte
