上次分享的Awvs,部分人绝对不太习惯web端的操作,这次分享一个windows桌面版本的渗透商用测试工具AppScan
新版下载
安装方法
运行安装文件
![图片[1]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-92.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
按需设置你的安装路径
![图片[2]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-93.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
破解步骤
将rcl_rational.dll
复制到安装目录覆盖原有文件
![图片[3]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-94-1024x365.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
然后运行AppScan,点击许可证
![图片[4]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-95.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
点击切换到IBM许可证
![图片[5]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-96.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
点击打开AppScan License Manager…
![图片[6]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-97.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
导入AppScanStandard.txt
文件,激活许可证
![图片[7]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-99-1024x763.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
这里可以看到许可证已经永久激活,然后我们可以开始使用工具欢乐的日站了
![图片[8]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-98.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
扫描教程
新建一个扫描web应用程序的项目
![图片[9]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-100-1024x639.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
填写你要扫描的站点,我这里填写我维护的客户网站地址
![图片[10]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-101.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
这里可以如果不涉及到登录的情况,你可以直接点下一步
如果涉及到登录,你可以在这里点击记录模拟登录过程,当然一般我们还是建议在cookies里直接设置比较好,这个后面再说
![图片[11]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-102.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
这里选择缺省值就行了,它不会扫描端口和进行入侵行为
![图片[12]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-103.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
如果碰到有cc攻击拦截的站点,或者有基础waf的,建议你把扫描速度调低,我们这里是授权进行测试,因此调快速也可以
![图片[13]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-104.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
点击完成
![图片[14]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-105.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
然后保存好项目就可以开始自动化扫描了
![图片[15]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-106.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
在扫描过程中,你可以通过右下角查看实时的不同等级威胁数量统计
![图片[16]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-107-1024x554.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
在右上角切换成问题
,可以更好的定位到我们服务器中存在的问题
![图片[17]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-108-1024x555.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
点击展开问题,可以看到每一个存在问题的详细情况,AppScan这里做的比较好的是把测试的响应结果也做成了可视化的界面,方便我们去阅读
![图片[18]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-112-1024x541.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
点击请求/响应
可以看到自动化工具在渗透测试中修改了哪些内容
![图片[19]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-110-1024x622.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
如果你不相信它的测试结果,你可以点击在浏览器中显示自己去试下
发现确实存在XSS的漏洞
![图片[20]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-109-1024x297.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
报告导出
生成报告
使用AppScan也可以像之前介绍的Awvs一样生成行业报告
![图片[21]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-111.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
你可以按照行业标准
![图片[22]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-113-1024x804.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
同时,在布局上可以进行细微调整,比方说把HCL的logo换成猪头logo
![图片[23]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-114.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
然后导出PDF就好了
![图片[24]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-115-1024x797.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
报告预览
![图片[25]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-116.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
一般行业报告都会有这种条例的以及固定的标准模板,比方说遵循XXX行业标准,行业标准有XXXX
![图片[26]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-117.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
然后会有专门的问题汇总
![图片[27]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-118.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
以及按照不同Owasp分类下的问题进行汇总
![图片[28]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-119.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
小技巧
设置cookies
如果你的测试中希望使用某个用户的登陆状态下进行测试,需要进行扫描配置
![图片[29]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-120.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
填写你要测试的Cookie名
![图片[30]-渗透测试工具Hcl AppScan Standard 10.0破解版-FancyPig's blog](https://static.iculture.cc/wp-content/uploads/2021/05/image-121.png?x-oss-process=image/auto-orient,1/format,webp/watermark,image_cHVibGljL2xvZ28ucG5nP3gtb3NzLXByb2Nlc3M9aW1hZ2UvcmVzaXplLFBfMTA,x_10,y_10)
- 最新
- 最热
只看作者