https | Penetration Testing Tools

mitmproxy

February 18, 2014Sniffing/Spoofinghttp, https, proxy, sniffing, spoofing

mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. Also shipped is mitmdump, the command-line version of mitmproxy, with the same functionality but without the frills.

Ncrack

February 18, 2014Password Attackshttp, https, passwords, smb

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients.

Paros

February 18, 2014Web Applicationsgui, http, https, infogathering, proxy, sniffing, webapps

A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.

plecost

February 18, 2014Web Applicationsenumeration, http, https, vulnanalysis, webapps

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin.

ProxyStrike

February 18, 2014Web Applicationsenumeration, gui, http, https, proxy, sniffing, webapps

ProxyStrike is an active Web Application Proxy. It’s a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.

THC-SSL-DOS

February 18, 2014Stress Testinghttps, stresstesting

THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.

TLSSLed

February 18, 2014Information Gatheringenumeration, https, infogathering, ssl, tls, webapps

TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the “openssl s_client” command line tool.

Uniscan

February 18, 2014Web Applicationsgui, http, https, vulnanalysis, webapps

Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Vega

February 18, 2014Web Applicationsenumeration, gui, http, https, infogathering, vulnanalysis, webapps

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java.

w3af

February 18, 2014Web Applicationsenumeration, exploitation, gui, http, https, vulnanalysis, webapps

w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a graphical user interface (GUI) for the framework.

Tag: https

mitmproxy

Ncrack

Paros

plecost

ProxyStrike

THC-SSL-DOS

TLSSLed

Uniscan

Vega

w3af

Tools Categories

Recent Additions

Tag: https

Tools Categories

Recent Additions

Tag Cloud