Http | Penetration Testing Tools

mitmproxy

February 18, 2014portsSniffing/Spoofinghttp, https, proxy, sniffing, spoofing

mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. Also shipped is mitmdump, the command-line version of mitmproxy, with the same functionality but without the frills.

Ncrack

February 18, 2014portsPassword Attackshttp, https, passwords, smb

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients.

Paros

February 18, 2014portsWeb Applicationsgui, http, https, infogathering, proxy, sniffing, webapps

A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.

phrasendrescher

February 18, 2014portsPassword Attackshttp, mssql, passwords

phrasen|drescher (p|d) is a modular and multi processing pass phrase cracking tool. It comes with a number of plugins but a simple plugin API allows an easy development of new plugins.

plecost

February 18, 2014portsWeb Applicationsenumeration, http, https, vulnanalysis, webapps

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin.

Powerfuzzer

February 18, 2014portsVulnerability Analysis, Web Applicationsfuzzing, gui, http, vulnanalysis, webapps

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

ProxyStrike

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, proxy, sniffing, webapps

ProxyStrike is an active Web Application Proxy. It’s a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.

sqlmap

February 18, 2014portsExploitation Tools, Vulnerability Analysis, Web Applicationsdatabase, db2, exploitation, http, mssql, mysql, oracle, postgresql, sqlite, vulnanalysis, webapps

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

SSLyze

February 18, 2014portsInformation Gatheringhttp, infogathering, recon, ssl, webapps

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Uniscan

February 18, 2014portsWeb Applicationsgui, http, https, vulnanalysis, webapps

Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Tag: http