iT邦幫忙

2019 iT 邦幫忙鐵人賽

DAY 16
0

昨天介紹弱點掃描工具 Nessus,可以利用弱點掃描工具來找出資訊設備的弱點,藉由弱點修復,減少漏洞會增加安全性。所以這些弱點需要被管理,那麼弱點掃描完成後需要如何管理這些弱點呢?


可以使用 Faraday 這一個工具來達到漏洞管理的效果,把弱點掃描的報告匯入 Faraday ,透過這個漏洞管理平台來視覺化呈現。

https://ithelp.ithome.com.tw/upload/images/20181031/200609717kCGnlOJHf.png

軟體支援:

  • Linux

報告種類支援:
* Acunetix (REPORT) (XML)
* Amap (CONSOLE)
* Arachni (REPORT, CONSOLE) (XML)
* arp-scan (CONSOLE)
* BeEF (API)
* Brutexss (REPORT)
* Burp, BurpPro (REPORT, API) (XML)
* Core Impact, Core Impact (REPORT) (XML)
* Dig (CONSOLE)
* Dirb (CONSOLE)
* Dirsearch (REPORT,CONSOLE)
* Dnsenum (CONSOLE)
* Dnsmap (CONSOLE)
* Dnsrecon (CONSOLE)
* Dnswalk (CONSOLE)
* evilgrade (API)
* Fierce (CONSOLE)
* Fruitywifi (API)
* ftp (CONSOLE)
* Goohost (CONSOLE)
* hping3 (CONSOLE)
* Hydra (CONSOLE) (XML)
* Immunity Canvas (API)
* Ip360 (REPORT)
* Linys (REPORT)
* Listurls (CONSOLE)
* Maltego (REPORT)
* masscan (REPORT, CONSOLE) (XML)
* Medusa (CONSOLE)
* Metagoofil (CONSOLE)
* Metasploit, (REPORT, API) (XML) XML report
* Ndiff (REPORT, CONSOLE)
* Nessus, (REPORT) (XML .nessus)
* Netcat (CONSOLE)
* Netdiscover (CONSOLE)
* Netsparker (REPORT) (XML)
* Netsparker Cloud (REPORT)
* Nexpose, Nexpose Enterprise, (REPORT) (simple XML, XML Export plugin (2.0))
* Nikto (REPORT, CONSOLE) (XML)
* Nmap (REPORT, CONSOLE) (XML)
* Openvas (REPORT) (XML)
* PasteAnalyzer (CONSOLE)
* Peeping Tom (CONSOLE)
* ping (CONSOLE)
* propecia (CONSOLE)
* Qualysguard (REPORT) (XML)
* Recon-NG (REPORT)
* Retina (REPORT) (XML)
* Reverseraider (CONSOLE)
* Sentinel (API)
* Shodan (API)
* Skipfish (CONSOLE)
* Sqlmap (CONSOLE)
* SSHdefaultscan (CONSOLE)
* SSLcheck (CONSOLE)
* SSLyze (CONSOLE)
* Sublist3r (REPORT,CONSOLE)
* Telnet (CONSOLE)
* Theharvester (CONSOLE)
* Traceroute (CONSOLE)
* W3af (REPORT) (XML)
* Wapiti (CONSOLE)
* Wcscan (CONSOLE)
* Webfuzzer (CONSOLE)
* WebInspect (REPORT,CONSOLE)
* Wfuzz (CONSOLE)
* whois (CONSOLE)
* WPScan (CONSOLE)
* Xsssniper (REPORT)
* X1, Onapsis (REPORT) (XML)
* Zap (REPORT) (XML)


  • Faraday Server 安裝
 git clone https://github.com/infobyte/faraday.git faraday-dev
 cd faraday-dev
 ./install.sh

  • Web 登入
http://IP:5985

上一篇
[Day 15]-弱點管理-Nessus
下一篇
[Day 17]-弱點管理-OpenVAS
系列文
利用開源軟體打造企業內部資安環境30

尚未有邦友留言

立即登入留言