Here is an updated list of the Top Ten pentesting tools gathered by Concise-Courses for 2017: 1. Nmap (Network Mapper) | Free | Used to Scan Ports and Map Networks – and a whole bunch more! 2. Metasploit Penetration Testing Software | Free & Paid Versions – Vulnerability Exploitation Tool 3. John The Ripper | […]
Category: Tools
What is fuzzing?
Fuzzing is when random data is thrown at a web application to see what happens next. A Security Fuzzer is a tool designed to provide random data (fuzzing testing) to an application and record the reaction of the application. In the context of web application testing, fuzzing means testing especially for buffer overflows, parameter validation […]
Open Source Black Box Testing tools
Reference: OWASP General Testing OWASP ZAP The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to […]
Some ways to use free tools
use Owasp ZAP or Webscarab for their proxy functionality. use Nikto and W3AF to scan web applications. use SQLMap to exploit SQL injections vulnerabilities. use XSSer to detect and exploit XSS vulnerabilities. use Powefuzzer to fuzz parameters use online encoder/decoders use DirBuster to find hidden resources
What is sqlmap?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. sqlmap – automatic SQL injection tool root@kali:~# sqlmap -h Usage: python sqlmap [options] Options: -h, –help Show basic help message and exit -hh […]
What is Nikto2?
Nikto is an Open Source (GPL) web server scanner which can check for more than 6,700 potentially dangerous files or programs, for outdated versions of more than 1,250 servers, and for version-specific issues on more than 270 servers. Additionally, it will look at server configuration concerns such as multiple index files and various HTTP server […]
What is Cain and Abel?
Cain and Abel describes itself as a password recovery tool for Windows. In reality, however, it is much more useful than that – it can capture and monitor network traffic for passwords, crack encrypted passwords using multiple methods, record VoIP conversations, and even recover wireless network keys. The software can perform a dictionary attack test […]
Tools That Should Be In Your Infosec Toolbox
Reference: http://www.proactiverisk.com/tools/ DISCLAIMER The following list of URL’s are a collection of resources broken down by category. The resources are listed numerically in no particular order except for tracking purposes Breach Laws State Breach Laws Hardening Guides Windows: CIS Security Benchmarks for Windows NSA Security Configuration Guides for Windows Microsoft Baseline Security Analyzer Microsoft PC Security Secunia Personal […]