background preloader

Penetration Testing Tools and How2s

Facebook Twitter

Python-Pen-Toolbag

Pen-Toolbag. Violent-Python-Code-Sploits. Sploits. Wifi Hacker. Ethical Hacking. HACK CRACK. Kali - Linux. Penetration Testing/Ethical Hacking/Etc | Jobs/Etc. Hacking/Forensics/Penetration Testing Distributions. Penetration Testing Explained by Varonis. Software Testing Help - A Must Visit Software Testing Portal. Personal Software Inspector. Personal Software Inspector is a security scanner which identifies programs that are insecure and need updates.

Personal Software Inspector

It automates the updating of the majority of these programs, making it a lot easier to maintain a secure PC. It automatically detects insecure programs, downloads the required patches, and installs them accordingly without further user interaction. Personal Software Inspector also detects and notifies you of programs that cannot be automatically updated with software patches and provides you with detailed instructions for updating the program when available. In most cases, you simply need to click the appropriate icon in the Results window and follow the on-screen instructions to install the latest patches.

Personal Security Inspector includes the following: Automatic update of programs Automatically updates your insecure programs, so you don’t have to visit different software vendor sites and figure out what their particular update mechanism is. OpenVAS - OpenVAS - Open Vulnerability Assessment System. Hcon - Home. IronWASP - Iron Web application Advanced Security testing Platform. Paterva Home. Category:OWASP WebScarab Project. Nikto2. Nikto is sponsored by Netsparker, a dead accurate and easy to use web application security solution.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS.

Not every check is a security problem, though most are. Nagios - The Industry Standard In IT Infrastructure Monitoring. IBM - Software - IBM Security AppScan. Static and dynamic application security testing throughout the application lifecycle IBM Security AppScan Trial Try a full-featured version of the software.

IBM - Software - IBM Security AppScan

Punkspider / PunkScan. Home - Arachni - Web Application Security Scanner Framework. Aircrack-ng. Shodan. SATAN. Demos. Dradis - Effective Information Sharing. BeEF - The Browser Exploitation Framework Project. Nmap: the Network Mapper - Free Security Scanner. Sqlninja - a SQL Server injection & takeover tool. The Official Social Engineering Portal. Retina Network Community - BeyondTrust. Retina Community gives you powerful vulnerability management across your entire environment.

Retina Network Community - BeyondTrust

For up to 256 IPs free, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments. Manage your network security with Retina Community. Metro styled user interface for streamlined vulnerability assessment, management and content related to database, workstation, server, and virtualized environmentsPerform free vulnerability assessment of missing patches, zero-days and insecure configurationsSimplify security assessment with user profiles that align to your job functionImprove risk management and prioritization with broad exploit identification from Core Impact, Metasploit, and Exploit-db.comFull Support for VMware environments, including online and offline virtual image scanning, virtual application scanning, and integration with vCenter. John the Ripper password cracker.

John the Ripper is free and Open Source software, distributed primarily in source code form.

John the Ripper password cracker

If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's. Requires OpenSSL. There are unofficial binary builds (by John the Ripper user community members) for Windows, Linux, Solaris, and Mac OS X. Web Application Security with Acunetix Web Vulnerability Scanner. OWASP Zed Attack Proxy Project.

Involvement in the development of ZAP is actively encouraged!

OWASP Zed Attack Proxy Project

You do not have to be a security expert in order to contribute. Some of the ways you can help: Feature Requests Please raise new feature requests as enhancement requests here: If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly. Feedback Please use the zaproxy-users Google Group for feedback: What do like? Cain & Abel - Download. Burp Suite. Nessus Vulnerability Scanner. Web Application Security with Netsparker Web Vulnerability Scanner. This is probably the best web-app tool that I have ever seen.

Web Application Security with Netsparker Web Vulnerability Scanner

Of course, I am not a hacker... Really :) But I have reviewed some penetration test results and other tools, and of course I know a lot of hackers, so I can say that your tool covers all of the most important things. Eli Jellenc. BackTrack Linux - Penetration Testing Distribution. Penetration Testing & Vulnerability Assessment. w3af - Open Source Web Application Security Scanner. Go Deep. Penetration Testing Software.