The Social-Engineer Toolkit (SET) The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community. The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent.
OWASP Broken Web Applications Project Main The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: learning about web application security testing manual assessment techniques testing automated tools testing source code analysis tools observing web attacks testing WAFs and similar code technologies all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.
The TCP/IP Guide The TCP/IP Guide Welcome to the free online version of The TCP/IP Guide! My name is Charles and I am the author and publisher. Software >> sslstrip This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below. Requirements Python >= 2.5 (apt-get install python) The python "twisted-web" module (apt-get install python-twisted-web) i Deliberately Insecure Web Applications For Learning Web App Security Over the last few months I've been teaching free classes for the ISSA Kentuckiana chapter in Louisville Kentucky. After doing one on Nmap and another on Sniffers, I talked it over with my buddies Brian and Jeff and decided that the next one should be on web application vulnerabilities. Now the question becomes what to test against in a classroom environment?
Offensive Computer Security Home Page (CIS 4930 / CIS 5930) Spring 2014 - Vimperator Instructors Prof. Xiuwen Liu (homepage: W. Owen Redwood (homepage: Notification : stratégie - filtrage des URL [0x00] News and Changelog Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) Development just moved to a public github repository: There is a new section below for online tutorials. Read below for Linux compilation notes. CHANGELOG for 8.3 =================== ! i What is Mutillidae? Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.
BlackArch - ArchWiki - Vimperator Specialty Distributions alphaOS alphaOS is a simple and minimalistic Linux distribution for the x86-64 architecture, built using Linux Live Kit set of scripts developed by Tomas M. SSL Survey Netcraft’s SSL Survey examines the use of encrypted transactions on the Web through extensive automated exploration of the internet. Each month it provides timely answers to questions such as: How many companies are doing encrypted transactions over the internet?How many more companies are using SSL compared to the previous 12 months?Where are they? OWASP WebGoat Project Detailed solution hints WebGoat in action WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE (this page) or [WebGoat for .Net] in ASP.NET.
SecurityXploit: Pentest web-sorrow - Linux Am Saturday, 19. May 2012 im Topic 'Pentest'