# Unicorn-Magic$ Pentest Course: Section 1 – Introduction & Installation
## Introduction to Unicorn-Magic$
Unicorn-Magic$ is a powerful tool designed for penetration testers and security professionals that assists in the automation and execution of various attack vectors within penetration testing engagements. This comprehensive pentesting course will cover everything from installation and configuration on Kali Linux to step-by-step usage with real-world scenarios.
In this section, we will focus on the installation and configuration of Unicorn-Magic$ on Kali Linux, followed by detailed usage with technical explanations, code examples, and references for deeper understanding.
## Installation and Configuration on Kali Linux
To ensure a smooth installation and configuration process, please follow the steps outlined below:
### Prerequisites
Before installing Unicorn-Magic$, ensure that your Kali Linux environment is up to date. Open a terminal and run:
"`bash
sudo apt update && sudo apt upgrade -y
"`
Make sure you have Python 3 and pip installed. You can check if Python is installed by running:
"`bash
python3 –version
pip3 –version
"`
If either is missing, install them with:
"`bash
sudo apt install python3 python3-pip -y
"`
### Installation Steps
1. **Clone the Unicorn-Magic$ Repository:**
Open a terminal and clone the repository directly from GitHub:
git clone https://github.com/username/unicorn-magic.git
Replace `https://github.com/username/unicorn-magic.git` with the actual GitHub URL.
2. **Navigate to the Unicorn-Magic$ Directory:**
After cloning, navigate into the Unicorn-Magic$ directory:
cd unicorn-magic
3. **Install Required Dependencies:**
Unicorn-Magic$ may require additional Python packages. Install the required packages using pip:
pip3 install -r requirements.txt
4. **Configuration:**
Unicorn-Magic$ might need some configuration files to be set up. Locate the configuration file, typically named `config.json`, and edit it to fit your environment:
nano config.json
Example configuration:
[/dm_code_snippet]json
{
"target": "http://target-site.com",
"port": 80,
"timeout": 5
}
[/dm_code_snippet]
Adjust the `target` and `port` according to the target environment you intend to test.
5. **Running Unicorn-Magic$:**
After the installation and configuration, you can run Unicorn-Magic$ using:
python3 unicorn-magic.py
### Step-by-Step Usage and Real-World Use Cases
With Unicorn-Magic$ successfully installed and configured, let’s delve into its functionality with step-by-step usage examples.
#### Example 1: Basic Information Gathering
Information gathering is often the first step in penetration testing. Unicorn-Magic$ can automate DNS enumeration and service discovery.
1. Execute the following command:
python3 unicorn-magic.py –action dns-enum –target example.com
Replace `example.com` with your target domain.
2. The output will provide nameservers, IP addresses, and potentially subdomains associated with the target.
#### Example 2: Exploiting Vulnerabilities
Unicorn-Magic$ comes with several scripts to exploit known vulnerabilities. Here, we demonstrate exploiting a simple SQL injection:
1. Identify a vulnerable parameter in the target application, such as:
[/dm_code_snippet]url
http://example.com/vulnerable.php?id=1
[/dm_code_snippet]
2. Use Unicorn-Magic$ to exploit it:
python3 unicorn-magic.py –action sql-inject –url "http://example.com/vulnerable.php?id=1"
3. Monitor the output for database information or other sensitive data.
### Detailed Technical Explanations
Unicorn-Magic$ leverages various libraries and frameworks to perform its tasks, including:
– **Requests:** This Python library simplifies making HTTP requests.
– **BeautifulSoup:** Used for parsing HTML documents, helping to extract useful information from responses.
– **SQLMap:** Automated SQL injection tool integrated within Unicorn-Magic$ for testing web applications against SQL injection vulnerabilities.
For comprehensive technical understanding, refer to the following external resources:
– [Requests Documentation](https://docs.python-requests.org/en/master/)
– [BeautifulSoup Documentation](https://www.crummy.com/software/BeautifulSoup/bs4/doc/)
– [SQLMap Documentation](http://sqlmap.org/)
### Code Examples for WordPress
Integrating Unicorn-Magic$ with WordPress can involve various tasks from scanning for vulnerabilities to automating tasks for security audits. Below are examples pertinent specifically for WordPress.
#### Scanning for Vulnerabilities
To scan a WordPress site for common vulnerabilities, execute:
"`bash
python3 unicorn-magic.py –action wp-vuln-scan –url http://wordpress-site.com
"`
#### Brute Forcing Login
In cases where default credentials are suspected, you can automate the login brute force process:
"`bash
python3 unicorn-magic.py –action wp-login-brute –url http://wordpress-site.com/wp-login.php –usernames users.txt –passwords passwords.txt
"`
Replace `users.txt` and `passwords.txt` with your actual wordlists.
### Conclusion
In this section, we explored the installation and configuration of Unicorn-Magic$ on Kali Linux, as well as its basic functionalities in penetration testing. We covered information gathering, vulnerability exploitation, and provided code examples relevant to WordPress.
In the next sections, we will delve deeper into advanced features, case studies, and the ethical implications of using Unicorn-Magic$ in the field.
—
Made by pablo rotem / פבלו רותם