https://www.youtube.com/watch?v=rrpcjrCceRk
If you run Kali Linux 2.0, recon-ng is included in the default install. It is a good scanning tool that can gather multiple pieces of information about the target you want to attack.
The tool can be run simply from the CLI via the command recon-ng.
recon-ng
An important part of recon-ng is its extension modules. You can list the available modules with the show modules command.
show modules
You can then see the extension modules available in recon-ng. Here, we will use the XSS module.
use recon/domains-vulnerabilities/xssposed
Let’s check the basic information first.
show info
The important part here is that you need to specify the source site to check.
Let’s try asecurity.so, the site that I run.
I do not see any XSS reported on my site.
So let’s check if XSS has been reported for famous sites. You can see there are a number of XSS reports here.
Because these reports are based on the Open Bug Bounty (openbugbounty) site, you can go to that site and see the XSS report information.