Vulnerability Analysis | Penetration Testing Tools

DBPwAudit

February 18, 2014portsPassword Attacks, Vulnerability Analysisdatabase, db2, mssql, mysql, oracle, passwords, vulnanalysis

DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory.

Doona

February 18, 2014portsVulnerability Analysisfuzzing, stresstesting, vulnanalysis

Doona is a fork of the Bruteforce Exploit Detector Tool (BED). BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc.

DotDotPwn

February 18, 2014portsInformation Gathering, Vulnerability Analysisexploitation, http, recon

It’s a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc.

HexorBase

February 18, 2014portsPassword Attacks, Vulnerability Analysisdatabase, gui, mssql, mysql, passwords, postgresql, sqlite, vulnanalysis

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).

Inguma

February 18, 2014portsVulnerability Analysisenumeration, fuzzing, infogathering, passwords, portscanning, vulnanalysis

Inguma is a penetration testing toolkit entirely written in python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits.

jSQL

February 18, 2014portsVulnerability Analysis, Web Applicationsgui, http, https, vulnanalysis, webapps

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

Lynis

February 18, 2014portsVulnerability Analysisforensics, vulnanalysis

Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

ohrwurm

February 18, 2014portsSniffing/Spoofing, Vulnerability Analysisfuzzing, rtp, sniffing, spoofing, voip, vulnanalysis

ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones.

Oscanner

February 18, 2014portsVulnerability Analysisenumeration, oracle, passwords

Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture.

Powerfuzzer

February 18, 2014portsVulnerability Analysis, Web Applicationsfuzzing, gui, http, vulnanalysis, webapps

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

Category: Vulnerability Analysis