https | Penetration Testing Tools

RouterSploit

May 2, 2017dookieExploitation Toolsexploitation, http, https, passwords

routersploit Package Description The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits – modules that take advantage of identified vulnerabilities creds – modules designed to test credentials against network services scanners – modules that check if a target is vulnerable to…

SPARTA

March 28, 2017dookieInformation Gatheringdns, enumeration, gui, http, https, infogathering, mysql, passwords, portscanning, recon, smb, snmp

sparta Package Description SPARTA is a python GUI application that simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to their toolkit and by displaying all tool output in a convenient way. If less time is spent…

Gobuster

February 6, 2017dookieWeb Applicationsenumeration, http, https, infogathering, webapps

Gobuster is a web content scanner that looks for existing (and/or hidden) web objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.

DIRB

February 18, 2014portsWeb Applicationsenumeration, http, https, infogathering, webapps

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analizing the response.

DirBuster

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, infogathering, webapps

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

fimap

February 18, 2014portsWeb Applicationsexploitation, http, https, vulnanalysis, webapps

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection.

Grabber

February 18, 2014portsWeb Applicationshttp, https, vulnanalysis, webapps

Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable.

joomscan

February 18, 2014portsWeb Applicationshttp, https, vulnanalysis, webapps

Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.

jSQL

February 18, 2014portsVulnerability Analysis, Web Applicationsgui, http, https, vulnanalysis, webapps

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

mitmproxy

February 18, 2014portsSniffing/Spoofinghttp, https, proxy, sniffing, spoofing

mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. Also shipped is mitmdump, the command-line version of mitmproxy, with the same functionality but without the frills.

Tag: https