Enumeration | Penetration Testing Tools

Webshag

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, portscanning, webapps

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

WebSploit

February 18, 2014portsWeb Applicationsenumeration, http, https, vulnanalysis, webapps

WebSploit Is an open source project for web application assessments.

Wfuzz

February 18, 2014portsWeb Applicationsenumeration, vulnanalysis, webapps

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

Wifite

February 18, 2014portsWireless Attacksenumeration, exploitation, wireless

To attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.

WOL-E

February 18, 2014portsInformation Gatheringenumeration, infogathering

WOL-E is a suite of tools for the Wake on LAN feature of network attached computers, this is now enabled by default on many Apple computers.

Xplico

February 18, 2014portsForensics, Information Gatheringenumeration, forensics, infogathering, networking, voip

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, H323), FTP, TFTP, and so on. Xplico is not a network protocol analyzer.

cisco-torch

February 16, 2014portsExploitation Tools, Information Gathering, Vulnerability Analysisenumeration, infogathering, passwords, snmp, tftp

Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

CDPSnarf

February 16, 2014portsInformation Gatheringcdp, enumeration, infogathering, sniffing

CDPSnarf is a network sniffer exclusively written to extract information from CDP packets.
It provides all the information a “show cdp neighbors detail” command would return on a Cisco router and even more.

braa

February 16, 2014portsInformation Gatheringenumeration, infogathering, snmp

Braa is a mass snmp scanner. The intended usage of such a tool is of course making SNMP queries – but unlike snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of hosts simultaneously, and in a single process. Thus, it consumes very few system resources and does the scanning VERY fast.

Nmap

February 15, 2014portsInformation Gathering, Vulnerability Analysisenumeration, http, https, infogathering, portscanning, smb, smtp, snmp, ssl, tftp, vulnanalysis

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Tag: enumeration