1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- Tools for Pen-Testing
- SCAPY
- Scapy is a CLI tool written in Python. It can be used to forge or decode packets and
- then send them out in the network.
- KISMET
- Kismet is a network analyser, packet sniffer and intrusion detection system for 802.11
- wireless LAN.
- WPSCAN
- WPScan is a black box WordPress vulnerability scanner. With it, you can check vulnerab-
- ilities in third-party themes, plugins, etc.
- OPHCRACK
- Ophcrack helps you crack Windows passwords by using LM hashes through rainbow tables.
- BEEF
- BeEF stands for browser exploitation framework. You can use it to assess the actual
- security posture of a target environment by hooking in web browsers and using them as
- client-side attack vectors.
- SQLMAP
- Sqlmap automates the process of detecting and exploiting SQL injection flaws to finger-
- print and then take over database servers, to access the underlying filesystem.
- SIEGE
- Siege is an HTTP load testing and benchmarking utility. It is designed to help web
- developers measure their web applications under duress attacks like DDoS.
- FIMAP
- Fimap is a Python tool which can help you find, prepare, audit, exploit and even google
- automatically for local and remote file inclusion bugs in web applications.
- ETTERCAP
- Ettercap helps you to simulate man-in-the-middle attacks on LAN. Ettercap works by
- putting the network interface into promiscuous mode and by ARP poisoning the target
- machines.
- OWASP ZAP
- ZAP is an acronym for the Zed Attack Proxy project. It is created by OWASP, the
- renowned web security-based foundation. ZAP can be used to find vulnerabilities in web
- applications.
|