1. This post will introduce you with a well known tool to clone a website ..the tool is known as HTTrack...though is inbuilt into Kali but older versions may not have it... The purpose of HTTrack is to copy a website.It allows a Penetration Tester to look at the entire content of a website, all its pages,and files offline, and in their own controlled environment. Needless to emphasize on the importance and usefulness of having a copy of a website that could be used to develop fake phishing websites, which can be incorporated in other Penetration Testing toolsets.To install HTTrack if not already inbuilt in Kali, open a Terminal window and type in the following as shown in the following screenshot.
apt-get install httrack
|
(Click on image to enlarge) |
|
(Click on image to enlarge) |
|
(Click on image to enlarge) |
2. Firstly we will create a directory to store the copied website. The following
screenshot shows a directory created named
testwebsite using the mkdir command.
3. To start HTTrack, type
httrack in the command window and give the project
a name, as shown in the following screen shot:
|
(Click on image to enlarge) |
|
(Click on image to enlarge) |
4. The next step is to select a directory to save the website. The example in the
following screen shot shows the folder created in the previous step
/root/
testwebsite, used for the directory:
|
(Click on image to enlarge) |
5. Enter the URL of the site you want to capture. The example in the following
screen shot shows
www.hackershandbook.org. This can be any website. Most attacks use a website accessed by clients from your target, such as popular social media websites or the target's internal websites.The next two options are presented regarding what you want to do with the captured site. Option 2 is the easiest method, which is a mirror website with a wizard as shown in the following screen shot:
|
(Click on image to enlarge) |
6. Next, you can specify if you want to use a proxy to launch the attack. You can also specify what type of files you want to download (the example in the following screen shot shows * for all files). You can also define any command line options or flags you might want to set. The example in the following screen shot shows no additional options.Before
httrack runs, it will display the command that it is running. You can use this command in the future if you want to run
httrack without going through the wizard again. The following screen shots show
hhtrack cloning
www.hackershandbook.org:
|
(Click on image to enlarge) |
|
(Click on image to enlarge) |
7. After you are done cloning the website, navigate to the directory where you
saved it. Inside, you will find all your files and web pages, as shown in the
following screen shot:
|
(Click on image to enlarge) |
8. Thanks to book
Web Penetration Testing with Kali Linux by
Joseph Muniz &
Aamir Lakhani