background preloader

Penetration Testing Tools and How2s

Facebook Twitter

Python-Pen-Toolbag

Pen-Toolbag. Violent-Python-Code-Sploits. Sploits. Wifi Hacker. Ethical Hacking. HACK CRACK. Kali - Linux. Penetration Testing/Ethical Hacking/Etc | Jobs/Etc. Hacking/Forensics/Penetration Testing Distributions. Penetration Testing Explained by Varonis. Software Testing Help - A Must Visit Software Testing Portal.

Personal Software Inspector. Personal Software Inspector is a security scanner which identifies programs that are insecure and need updates.

Personal Software Inspector

It automates the updating of the majority of these programs, making it a lot easier to maintain a secure PC. It automatically detects insecure programs, downloads the required patches, and installs them accordingly without further user interaction. Personal Software Inspector also detects and notifies you of programs that cannot be automatically updated with software patches and provides you with detailed instructions for updating the program when available.

In most cases, you simply need to click the appropriate icon in the Results window and follow the on-screen instructions to install the latest patches. Personal Security Inspector includes the following: Automatic update of programs Automatically updates your insecure programs, so you don’t have to visit different software vendor sites and figure out what their particular update mechanism is. OpenVAS - OpenVAS - Open Vulnerability Assessment System. Hcon - Home. IronWASP - Iron Web application Advanced Security testing Platform. Paterva Home. Category:OWASP WebScarab Project. Nikto2. Nikto is sponsored by Netsparker, a false positive free web application security scanner.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. Not every check is a security problem, though most are. Nagios - The Industry Standard In IT Infrastructure Monitoring. IBM - Software - IBM Security AppScan. Punkspider / PunkScan. Home - Arachni - Web Application Security Scanner Framework.

Aircrack-ng. Shodan. SATAN. Demos. Dradis - Effective Information Sharing. BeEF - The Browser Exploitation Framework Project. Nmap: the Network Mapper - Free Security Scanner. Sqlninja - a SQL Server injection & takeover tool. The Official Social Engineering Portal. Retina Network Community - BeyondTrust. Retina Community gives you powerful vulnerability management across your entire environment.

Retina Network Community - BeyondTrust

For up to 256 IPs free, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments. Manage your network security with Retina Community. John the Ripper password cracker. John the Ripper is free and Open Source software, distributed primarily in source code form.

John the Ripper password cracker

If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features.

Unfortunately, its overall quality is lower than the official version's. Requires OpenSSL. There are unofficial binary builds (by John the Ripper user community members) for Windows, Linux, Solaris, and Mac OS X. Web Application Security with Acunetix Web Vulnerability Scanner. OWASP Zed Attack Proxy Project.

Involvement in the development of ZAP is actively encouraged!

OWASP Zed Attack Proxy Project

You do not have to be a security expert in order to contribute. Some of the ways you can help: Feature Requests Please raise new feature requests as enhancement requests here: If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly. Feedback. Cain & Abel - Download. Burp Suite. Burp Suite is an integrated platform for performing security testing of web applications.

Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun. Burp Suite contains the following key components: Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

Nessus Vulnerability Scanner. Web Application Security with Netsparker Web Vulnerability Scanner. BackTrack Linux - Penetration Testing Distribution. Penetration Testing & Vulnerability Assessment. w3af - Open Source Web Application Security Scanner. Go Deep. Penetration Testing Software.