Monday 26 March 2012

Tools (March 26th)

Weekly blog on the tools that have come to my attention over the last week. It is not a comprehensive tool list, but tools that I found interesting or details of tools I use that have been upgraded.

One of the features of a pen test tool, I feel, is the ability to add to its functionality, and this demonstrates why: the ability to run additional tools from within another improves the testing capability of a tool.

Sqlmap plugin for BurpSuite http://code.google.com/p/gason/
This project contains plugins to extend BurpSuite proxy. The first release contains a plugin to run sqlmap from Burp.

OWASP ZAP http://code.google.com/p/zaproxy/
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. The current version of ZAP is 1.3.4, but they have also got a 1.4.alpha.1.
I have looked at several sites where there have been problems with security certificates; this is a tool I will be looking at to see if it can help with identifying the problems.

SSLyze http://code.google.com/p/sslyze/
A better, faster scanner to analyze the configuration of SSL servers.
  • Supports cipher suites scanning, insecure renegotiation verification, session resumption testing, client certificates, and more...
  • Tested on Python 2.6 & 2.7 with Ubuntu and Windows 7, both 32 and 64 bits. Might work on other platforms as well.
  • Based on OpenSSL and a custom SSL Python wrapper
