Https | Penetration Testing Tools

Ncrack

February 18, 2014portsPassword Attackshttp, https, passwords, smb

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients.

Paros

February 18, 2014portsWeb Applicationsgui, http, https, infogathering, proxy, sniffing, webapps

A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.

plecost

February 18, 2014portsWeb Applicationsenumeration, http, https, vulnanalysis, webapps

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin.

ProxyStrike

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, proxy, sniffing, webapps

ProxyStrike is an active Web Application Proxy. It’s a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.

THC-SSL-DOS

February 18, 2014portsStress Testinghttps, stresstesting

THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet.

TLSSLed

February 18, 2014portsInformation Gatheringenumeration, https, infogathering, ssl, tls, webapps

TLSSLed is a Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a thorough SSL/TLS scanner that is based on the openssl library, and on the “openssl s_client” command line tool.

Uniscan

February 18, 2014portsWeb Applicationsgui, http, https, vulnanalysis, webapps

Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Vega

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, infogathering, vulnanalysis, webapps

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java.

w3af

February 18, 2014portsWeb Applicationsenumeration, exploitation, gui, http, https, vulnanalysis, webapps

w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a graphical user interface (GUI) for the framework.

WebScarab

February 18, 2014portsPassword Attacks, Sniffing/Spoofing, Web Applicationsfuzzing, gui, http, https, passwords, proxy, sniffing, webapps

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

Tag: https