Monday 12 March 2012

Tool Update 12th March

Another round-up of tool releases that can be useful to the pen tester. If you are aware of any new tools, or new releases of existing tools, that you feel should be included, please contact me with the details.

The comments here are my own views and I am not recommending any one product over another. If you are looking for tools, I recommend trying a few, as most have free versions, and picking the one that works for you. We all have our own methods of working, and a pen tester’s tool bag reflects their own personality.

New test release of NMap (9th March 2012)

http://seclists.org/nmap-hackers/2012/0

5.61TEST5. This release has 43 new scripts, including new brute forcers for http proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth daemon, and old-school rsync.

Vanguard Pentesting Scanner (8th March)

http://packetstormsecurity.org/files/download/110603/vanguard-public.tgz

Vanguard is a comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. It provides crawling, uses LibWhisker2 for HTTP IDS evasion, and checks for issues like SQL injection, XSS, LDAP injection and more.

Not a tool as such but useful nevertheless: Mutillidae (9th March)

http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10

Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administer their own web server. It is already installed on Samurai WTF; simply replace the existing version with the latest on Samurai. Mutillidae contains dozens of vulnerabilities and hints to help the user exploit them, providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiasts, classroom labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software.
