One of the features of a Pen Test tool, I feel, is the ability to add to its functionality, and this demonstrates why: the ability to run additional tools from within another improves the testing capability of a tool.
Sqlmap plugin for BurpSuite http://code.google.com/p/gason/
This project contains plugins to extend BurpSuite proxy. The first release contains a plugin to run sqlmap from Burp.
OWASP ZAP http://code.google.com/p/zaproxy/
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. The current version of ZAP is 1.3.4, but they have also got a 1.4.alpha.1.
I have looked at several sites where there have been problems with security certificates; this is a tool I will be looking at to see if it can help with identifying the problems.
SSLyze http://code.google.com/p/sslyze/
A better, faster scanner to analyze the configuration of SSL servers.
- Supports cipher suites scanning, insecure renegotiation verification, session resumption testing, client certificates, and more...
- Tested on Python 2.6 & 2.7 with Ubuntu and Windows 7, both 32 and 64 bits. Might work on other platforms as well.
- Based on OpenSSL and a custom SSL Python wrapper