Penetration Testing
OWASP Top 10 penetration testing software? Feb 28 2012 07:35PM
webcat (matthew mckinzie lewin com) (7 replies)
Re: OWASP Top 10 penetration testing software? Feb 28 2012 09:40PM
Nathalie Vaiser (nvaiser gmail com)
Here is a list of different tools from my notes. I don't recall which
web site I got this list from. If the hyperlinked URLs don't show up
and you need the web site address for any of these just let me know.

(sorry if this is a bit messy, in my Evernote I have it all hyperlinked
and formatted but this mailing list won't accept anything other than
plain text messages)

Suites / Frameworks:

  - Burp Suite <http://www.portswigger.net/burp/>
  The premier tool for performing manual web application vulnerability
  assessments and penetration tests. The pro version includes a scanner, and
  the Intruder tool makes the offering stand out amongst its peers.
  - HP WebInspect <https://download.spidynamics.com/webinspect/default.htm>
  An enterprise-focused tool suite that includes a scanner, proxy, and
  assorted other tools.
  - WebScarabNG <https://download.spidynamics.com/webinspect/default.htm>
  The latest version of this famous suite from OWASP. Includes a web
  services module that allows you to parse WSDLs and interact with their
  associated functions.
  - IBM AppScan <http://www-01.ibm.com/software/awdtools/appscan/>
  IBM's enterprise-focused suite.
  - Acunetix <http://www.acunetix.com/>
  Acunetix's enterprise-focused suite.
  - NTOSpider <http://www.acunetix.com/>
  NTObjectives's enterprise-focused suite.
  - W3af <http://w3af.sourceforge.net/>
  w3af is a Web Application Attack and Audit Framework. The project's goal
  is to create a framework to find and exploit web application
  vulnerabilities that is easy to use and extend.
  - Websecurify <http://www.websecurify.com/>
  Websecurify is a powerful web application security testing environment
  designed from the ground up to provide the best combination of automatic
  and manual vulnerability testing technologies.
  - Samurai <http://samurai.inguardians.com/>
  Websecurify is a powerful web application security testing environment
  designed from the ground up to provide the best combination of automatic
  and manual vulnerability testing technologies.
  - Skipfish <http://code.google.com/p/skipfish/>
  A fully automated, active web application security reconnaissance tool
  written by Michal Zalewski of Google.
  - RAFT (Response Analysis and Further Testing Tool) <http://code.google.com/p/raft/>
  RAFT is a testing tool for the identification of vulnerabilities in web
  applications. RAFT is a suite of tools that utilize common shared elements
  to make testing and analysis easier. The tool provides visibility into
  areas that other tools do not such as various client side storage.
  - Zed Attack Proxy (ZAP) <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project>
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration
  testing tool for finding vulnerabilities in web applications. It is
  designed to be used by people with a wide range of security experience and
  as such is ideal for developers and functional testers who are new to
  penetration testing. ZAP provides automated scanners as well as a set of
  tools that allow you to find security vulnerabilities manually.

Standalone Web Assessment Tools:

  - Nikto <http://www.cirt.net/nikto2>
  Nikto is a command line Open Source (GPL) web server scanner which
  performs comprehensive tests against web servers for multiple items,
  including over 6400 potentially dangerous files/CGIs, checks for outdated
  versions of over 1000 servers, and version specific problems on over 270
  servers.
  - Wikto <http://www.sensepost.com/labs/tools/pentest/wikto>
  Wikto is Nikto for Windows - but with a couple of fancy extra features
  including Fuzzy logic error code checking, a back-end miner, Google
  assisted directory mining and real time HTTP request/response monitoring.
  Wikto is coded in C# and requires the .NET framework.

Nathalie Vaiser
CEH, MCP, MCTS, Linux+

Copyright 2010, SecurityFocus