Hola!! As you all aware of that vulnerabilities can cost you much more and as a developer you don’t need your website to have vulnerabilities (at least I am 😛 ).
And for testing for loopholes in your application can be painful, So here I am to show you a quick demo on how to test your web application for these vulnerabilities.
So we will use a known tool that is Metasploit, this is easy as well as powerful.
We will use two tools of metasploit
Firstly we need to have metasploit on your machine, to do that follow below commands for ubuntu
> sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev
Or you can follow the instructions from here
Metasploit comes pre-loaded with linux kali and Backtrack OS.
So now we all are set to test our application, just follow these commands
1. Start metasploit
2. Load the msfcrawler
> use auxiliary/scanner/http/crawler
3. So now you have to ser RHOST (url/IP address eg. localhost) and RPORT (port in whch you want to connect eg. 9000)
> set RHOST localhost
> set RPORT 9000
4. Run the crawler
5. After finishing crawling we have to load the “wmap”
> load wmap
6. Now we have to create site in wmap
> wmap_sites -a localhost:9000
7. Now you can see your added sites by
> wmap_sites -l
8. Now we have to add this site in to our targets
> wmap_target -d 0
Note:- 0 is this id of the site
and we can see our selected targets by
> wmap_target -l
9. Run the vulnerability scanner
> wmap_run -e
This can take a while depending on the size of the site
10 . After scanning finished we can see the vulnerabilities if we found any
So you are done, this will show you codes each representing a vulnerability, and if you know your weaknesses and you can overcome them :).