1
00:00:03,420 --> 00:00:09,420
So far we learned how to manually discover a number of very dangerous vulnerabilities.

2
00:00:09,510 --> 00:00:13,640
We've seen how they work and how to exploit them.

3
00:00:13,710 --> 00:00:20,430
In today's video I'd like to show you a tool that will allow you to automatically discover vulnerabilities

4
00:00:20,430 --> 00:00:22,110
in web applications.

5
00:00:22,110 --> 00:00:26,820
It will allow you to discover the vulnerabilities that we learned, plus much more.

6
00:00:26,820 --> 00:00:32,590
The reason why I didn't teach you this at the start is because I wanted you to learn how to do it manually.

7
00:00:32,610 --> 00:00:36,600
I also wanted you to know how these vulnerabilities occur,

8
00:00:36,690 --> 00:00:39,040
so to understand the reason behind them.

9
00:00:39,270 --> 00:00:41,390
Also, these are just tools.

10
00:00:41,400 --> 00:00:43,410
So this program is just a tool.

11
00:00:43,410 --> 00:00:46,530
It can make mistakes and it can show false positives.

12
00:00:46,530 --> 00:00:48,390
It can also miss vulnerabilities

13
00:00:48,390 --> 00:00:52,650
in some cases. Therefore I wanted you to know how to do this stuff manually,

14
00:00:52,650 --> 00:00:58,920
so if the program doesn't work, or if the program misses something, then you'll be able to find it. The

15
00:00:58,920 --> 00:01:05,940
best way to use these programs is as a backup, or as just a tool to help you with your penetration testing.

16
00:01:07,490 --> 00:01:09,650
So using the tool is very simple.

17
00:01:09,650 --> 00:01:12,620
I'm gonna go on my applications and then I'm gonna open it up,

18
00:01:16,130 --> 00:01:21,190
and it's asking me if I want to save the current session when I use it to search for something, so I'm going

19
00:01:21,190 --> 00:01:21,800
to say no,

20
00:01:25,710 --> 00:01:29,000
and this is the main view of the tool.
21
00:01:29,010 --> 00:01:35,250
So on the left here you'll see the websites that you're targeting; on the right you can attack and set

22
00:01:35,250 --> 00:01:42,160
the website, your URL, and in here you'll see the results for your attack or for your scan.

23
00:01:43,770 --> 00:01:51,340
If we go here on the cog on the left, it will allow you to modify the options for the program, so you

24
00:01:51,340 --> 00:01:57,250
can modify certain aspects of it: the way the fuzzer works, the way the spider works, the way the scan

25
00:01:57,250 --> 00:01:57,630
works.

26
00:01:59,230 --> 00:02:05,930
I'm going to leave everything the same. Another thing that you can modify is the policies used in the scan,

27
00:02:05,950 --> 00:02:11,560
so something similar to the scans that we were using with nmap, the intense scan and all that.

28
00:02:11,560 --> 00:02:17,860
So I'm going to press on plus, I'm going to press on the active scan, and if you press on this on the

29
00:02:17,860 --> 00:02:24,920
left here, I'm going to press on the default policy. You can create your own policies

30
00:02:24,940 --> 00:02:26,890
by using the Add button.

31
00:02:26,890 --> 00:02:33,100
I'm going to press on the default one and I'm going to go on Modify to show you the aspects

32
00:02:33,100 --> 00:02:41,180
that you can modify. So right here you can modify the name, the threshold and the strength for the global

33
00:02:41,270 --> 00:02:41,870
policy.

34
00:02:44,560 --> 00:02:52,760
Clicking on each of these categories will allow you to modify the specific scans that will be performed.

35
00:02:52,790 --> 00:02:58,820
For example, in the Injection tab here we can see all the injection scans that the program is going

36
00:02:58,820 --> 00:02:59,240
to try.
37
00:02:59,240 --> 00:03:05,300
For example, you can see SQL injections here, you can see cross-site scripting here, and pressing on the

38
00:03:05,300 --> 00:03:13,430
threshold right here we can set this to default, low, medium or high. Setting it to default will just

39
00:03:13,430 --> 00:03:16,770
default to the value selected here, which is medium right now.

40
00:03:17,890 --> 00:03:22,570
Or if, for example, SQL injection is what you're looking for, if what you're

41
00:03:22,570 --> 00:03:27,970
looking for is access to the database, then you can set this to high so that it will try everything

42
00:03:28,000 --> 00:03:31,810
and it'll try to find it even in difficult places.

43
00:03:35,070 --> 00:03:39,660
So I'm going to close all of this, I'm leaving everything the same, and I'm going to start my attack against

44
00:03:40,020 --> 00:03:41,440
the Mutillidae script.

45
00:03:41,520 --> 00:03:50,370
So we have it on 10.20.14.204 running in the Metasploitable machine, and if we go on Mutillidae right

46
00:03:50,370 --> 00:03:52,190
here, this is the URL.

47
00:03:52,230 --> 00:03:54,210
So literally I'm just going to copy this

48
00:03:57,580 --> 00:04:03,980
and paste it here, and then I'm going to attack.

49
00:04:04,140 --> 00:04:10,580
Now the tool is first gonna try to find all the URLs and then it's going to try and attack these

50
00:04:10,590 --> 00:04:14,270
URLs based on this policy that we used.

51
00:04:14,280 --> 00:04:17,300
I'm gonna pause the video and resume it once the scan is over.