Penetration Testing mailing list archives
Re: OWASP Top 10 penetration testing software?
From: Nathalie Vaiser <nvaiser () gmail com>
Date: Tue, 28 Feb 2012 16:40:04 -0500
Here is a list of different tools from my notes. I don't recall which web site I got this list from. If the hyperlinked URLs don't show up and you need the web site address for any of these, just let me know.

(Sorry if this is a bit messy; in my Evernote I have it all hyperlinked and formatted, but this mailing list won't accept anything other than plain text messages.)

Suites / Frameworks:

- Burp Suite <http://www.portswigger.net/burp/>
  The premier tool for performing manual web application vulnerability assessments and penetration tests. The pro version includes a scanner, and the Intruder tool makes the offering stand out amongst its peers.

- HP WebInspect <https://download.spidynamics.com/webinspect/default.htm>
  An enterprise-focused tool suite that includes a scanner, proxy, and assorted other tools.

- WebScarabNG <https://download.spidynamics.com/webinspect/default.htm>
  The latest version of this famous suite from OWASP. Includes a web services module that allows you to parse WSDLs and interact with their associated functions.

- IBM AppScan <http://www-01.ibm.com/software/awdtools/appscan/>
  IBM's enterprise-focused suite.

- Acunetix <http://www.acunetix.com/>
  Acunetix's enterprise-focused suite.

- NTOSpider <http://www.acunetix.com/>
  NTObjectives's enterprise-focused suite.

- W3af <http://w3af.sourceforge.net/>
  w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

- Websecurify <http://www.websecurify.com/>
  Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

- Samurai <http://samurai.inguardians.com/>
  Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

- Skipfish <http://code.google.com/p/skipfish/>
  A fully automated, active web application security reconnaissance tool written by Michal Zalewski of Google.

- RAFT (Response Analysis and Further Testing Tool) <http://code.google.com/p/raft/>
  RAFT is a testing tool for the identification of vulnerabilities in web applications. RAFT is a suite of tools that utilize common shared elements to make testing and analysis easier. The tool provides visibility into areas that other tools do not, such as various client side storage.

- Zed Attack Proxy (ZAP) <https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project>
  The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Standalone Web Assessment Tools:

- Nikto <http://www.cirt.net/nikto2>
  Nikto is a command line Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.

- Wikto <http://www.sensepost.com/labs/tools/pentest/wikto>
  Wikto is Nikto for Windows - but with a couple of fancy extra features including Fuzzy logic error code checking, a back-end miner, Google assisted directory mining and real time HTTP request/response monitoring. Wikto is coded in C# and requires the .NET framework.

Nathalie Vaiser
CEH, MCP, MCTS, Linux+