Penetration Tools List

Today in the pen-test newsletter from security focus, Nathalie Vaiser has sent a very interesting list of penetration tools. I publish as it.

Here is a list of different tools from my notes. I don’t recall which
web site I got this list from. If the hyperlinked URLs don’t show up
and you
need the web site address for any of these just let me know.

(sorry if this is bit messy, in my Evernote I have it all hyperlinked
and formatted but this mailing list won’t accept anything other than
plain text messages)

Suites / Frameworks:

Burp Suite http://www.portswigger.net/burp/
The premier tool for performing manual web application vulnerability
assessments and penetration tests. The pro version includes a scanner, and
the Intruder tool makes the offering stand out amongst its peers.
HP WebInspect https://download.spidynamics.com/webinspect/default.htm
An enterprise-focused tool suite that includes a scanner, proxy, and
assorted other tools.
WebScarabNG https://download.spidynamics.com/webinspect/default.htm
The latest version of this famous suite from OWASP. Includes a web
services module that allows you to parse WSDLs and interact with their
associated functions.
IBM AppScan http://www-01.ibm.com/software/awdtools/appscan/
IBM’s enterprise-focused suite.
Acunetix http://www.acunetix.com/
Acunetix’s enterprise-focused suite.
NTOSpider http://www.acunetix.com/
NTObjectives’s enterprise-focused suite.
W3af http://w3af.sourceforge.net/
w3af is a Web Application Attack and Audit Framework. The project’s goal
is to create a framework to find and exploit web application
vulnerabilities that is easy to use and extend.
Websecurify http://www.websecurify.com/
Websecurify is a powerful web application security testing environment
designed from the ground up to provide the best combination of automatic
and manual vulnerability testing technologies.
Samurai http://samurai.inguardians.com/
Websecurify is a powerful web application security testing environment
designed from the ground up to provide the best combination of automatic
and manual vulnerability testing technologies.
Skipfish http://code.google.com/p/skipfish/>
A fully automated, active web application security reconnaissance tool
written by Michal Zalewski of Google.
RAFT (Response Analysis and Further Testing
Tool) http://code.google.com/p/raft/>
RAFT is a testing tool for the identification of vulnerabilities in web
applications. RAFT is a suite of tools that utilize common shared elements
to make testing and analysis easier. The tool provides visibility in to
areas that other tools do not such as various client side storage.
Zed Attack Proxy
(ZAP) https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration
testing tool for finding vulnerabilities in web applications. It is
designed to be used by people with a wide range of security experience and
as such is ideal for developers and functional testers who are new to
penetration testing. ZAP provides automated scanners as well as a set of
tools that allow you to find security vulnerabilities manually.

Standalone Web Assessment Tools:

Nikto http://www.cirt.net/nikto2
Nikto is an command line Open Source (GPL) web server scanner which
performs comprehensive tests against web servers for multiple items,
including over 6400 potentially dangerous files/CGIs, checks for outdated
versions of over 1000 servers, and version specific problems on over 270
servers.
Wikto http://www.sensepost.com/labs/tools/pentest/wikto
Wikto is Nikto for Windows – but with a couple of fancy extra features
including Fuzzy logic error code checking, a back-end miner, Google
assisted directory mining and real time HTTP request/response monitoring.
Wikto is coded in C# and requires the .NET framework.

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s

A %d blogueros les gusta esto: