https | Penetration Testing Tools

Webshag

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, portscanning, webapps

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

Webshells

February 18, 2014portsMaintaining Accesshttp, https, postexploitation

A collection of webshells for ASP, ASPX, CFM, JSP, Perl, and PHP servers.

WebSlayer

February 18, 2014portsWeb Applicationsfuzzing, gui, http, https, webapps

Webslayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts,files, etc), brute force GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.

WebSploit

February 18, 2014portsWeb Applicationsenumeration, http, https, vulnanalysis, webapps

WebSploit Is an open source project for web application assessments.

WPScan

February 18, 2014portsWeb Applicationshttp, https, vulnanalysis, webapps

WPScan Package Description WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Source: http://wpscan.org/ WPScan Homepage | Kali wpscan Repo Author: The WPScan Team License: Other Tools included in the wpscan package wpscan – WordPress vulnerability scanner root@kali:~# wpscan –help _______________________________________________________________ …

XSSer

February 18, 2014portsWeb Applicationsgui, http, https, vulnanalysis, webapps

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

zaproxy

February 18, 2014portsPassword Attacks, Sniffing/Spoofing, Web Applicationsfuzzing, gui, http, https, passwords, proxy, sniffing, vulnanalysis, webapps

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

DAVTest

February 16, 2014portsWeb Applicationsexploitation, http, https, vulnanalysis, webapps

DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

Burp Suite

February 16, 2014portsPassword Attacks, Sniffing/Spoofing, Web Applicationsfuzzing, gui, http, https, passwords, proxy, sniffing, vulnanalysis, webapps

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Nmap

February 15, 2014portsInformation Gathering, Vulnerability Analysisenumeration, http, https, infogathering, portscanning, smb, smtp, snmp, ssl, tftp, vulnanalysis

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Tag: https