Vulnanalysis | Penetration Testing Tools

ohrwurm

February 18, 2014portsSniffing/Spoofing, Vulnerability Analysisfuzzing, rtp, sniffing, spoofing, voip, vulnanalysis

ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones.

PadBuster

February 18, 2014portsWeb Applicationsvulnanalysis, webapps

PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, and perform automated response analysis to determine whether a request is vulnerable to padding oracle attacks.

plecost

February 18, 2014portsWeb Applicationsenumeration, http, https, vulnanalysis, webapps

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin.

Powerfuzzer

February 18, 2014portsVulnerability Analysis, Web Applicationsfuzzing, gui, http, vulnanalysis, webapps

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

sfuzz

February 18, 2014portsVulnerability Analysisfuzzing, vulnanalysis

simple fuzz is exactly what it sounds like – a simple fuzzer. don’t mistake simple with a lack of fuzz capability. this fuzzer has two network modes of operation, an output mode for developing command line fuzzing scripts, as well as taking fuzzing strings from literals and building strings from sequences.

SidGuesser

February 18, 2014portsVulnerability Analysisdatabase, oracle, vulnanalysis

Guesses sids/instances against an Oracle database according to a predefined dictionary file. The speed is slow (80-100 guesses per second) but it does the job.

SIPArmyKnife

February 18, 2014portsSniffing/Spoofing, Vulnerability Analysisvoip, vulnanalysis, webapps

SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.

Skipfish

February 18, 2014portsWeb Applicationsenumeration, vulnanalysis, webapps

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.

sqlmap

February 18, 2014portsExploitation Tools, Vulnerability Analysis, Web Applicationsdatabase, db2, exploitation, http, mssql, mysql, oracle, postgresql, sqlite, vulnanalysis, webapps

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Sqlninja

February 18, 2014portsVulnerability Analysis, Web Applicationsdatabase, mssql, vulnanalysis, webapps

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja.

Tag: vulnanalysis