Advertisement
e01

Penetration testing tools

e01
May 27th, 2018
363
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.13 KB | None | 0 0
  1. ======================================================================================================================================
  2. Here is a compilation of multiple forensic and penetration testing tools for applications, networks, and websites.
  3. =======================================================================================================================================
  4. Nmap
  5. Nmap is a very versatile tool developed to scan addresses (IPV6 included), this tool allows the users to gather a mass amount of
  6. information about the target quickly, information including open ports, + much, much more.
  7. Nmap supports a large number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), ICMP
  8. (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, and Null scan.
  9.  
  10. Wireshark
  11.  
  12. A very powerful network troubleshooting and analysis tool,
  13. Wire shark provides the ability to view data from a live network, and supports hundreds of protocols and media formats.
  14.  
  15. Cain & Abel
  16.  
  17. Cain and Abel is a revolutionary tool that provides many functions that are able to do various password retrieval jobs, cracking passwords, sniffing networks, and routing/analyzing protocols. This tool is Windows-only, unlike many other tools that exist, this is a
  18. pleasant twist to modern penetration testing and forensic tools.
  19.  
  20. MetaSploit
  21.  
  22. MetaSploit, a very powerful network security and analysis tool, used often for penetration attacks, this tool has a clean interface and
  23. easily gathers the information that you seek.
  24.  
  25. Ettercap
  26.  
  27. Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many
  28. feature for network and host analysis. (Taken from their website)
  29.  
  30. Nessus
  31.  
  32. The Nessus tool provides high-speed data discovery, asset profiling, configuration auditing, and vulnerability analysis of networks.
  33.  
  34. Havij
  35.  
  36. Havij is the most common and heard of testing tool for SQLI injection and many other web-based injection types. It fluently provides the site's scan, admin look-up, password cracking, and database retrieval. It literally makes it a breeze to hack, and find, vulnerable
  37. websites.
  38.  
  39. Kismet
  40.  
  41. Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic.
  42. Kismet also supports plugins which allow sniffing other media such as DECT. (Taken from Kismet website)
  43.  
  44. Kali Linux
  45.  
  46. Kali is a widely popular bootable Live-CD of a Linux Distro. Kali offers a vast variety of penetration testing tools, along with those for network attacks, and supports many other forms of testing/attacking, for VOIP networks, Websites + more. The tool's interface and
  47. design provides an easy to use layout.
  48.  
  49. w3af
  50.  
  51. W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation-plugins. In some ways it is like a web-focused Metasploit.
  52. (Taken from nmap.org)
  53.  
  54. Encase
  55. EnCase is a suite of computer forensics software, commonly used by law enforcement. Its wide use has made it a de-facto standard in forensics. It is made to collect data from a computer in a forensically sound manner (employing checksums to help detect tampering).
  56. (Taken from Nmap.org.)
  57.  
  58.  
  59.  
  60. Helix
  61.  
  62. Helix is a live bootable Ubuntu CD, that contains a multitude of forensic tools involving cellphones, computers, file systems, images,
  63. and tied into its sheer power is a friendly and easy-to-use interface.
  64.  
  65.  
  66. Acunetix
  67.  
  68. Acunetix is a strong, and very popular website security tool. It provides many tools to test your website, (or others) for various
  69. injections. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
  70.  
  71.  
  72. Burp Suite
  73.  
  74. Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. (Taken from http://portswigger.net/burp/)
  75. ======================================================================================================================================
  76. ~ e01 @AccessPwned 2018
  77. ======================================================================================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement