OWASP ZAP (Zed Attack Proxy) - Proxy that allows for both automated and manual testing and identification of vulnerabilities. It has many components that allow for different tasks to be performed., Burp Suite Community Edition - Proxy with a wide range of options to test web applications for different vulnerabilities. Its components allow you to perform particular types of automated testing, manually modifying requests, and passive analysis., DirBuster - Web application brute-force finder for directories and files. Comes with 9 different lists, including default directories and common names given by developers. Also allows for brute-force., truffleHog - Git secrets search tool. It can automatically crawl through a repository looking for accidental commits of secrets. GitHub secrets allow code commits, this will allow an attacker to modify code in a repository., w3af - The Web Application Attack and Audit Framework allows you to identify and exploit a large set of web-based vulnerabilities, such as SQL injection and cross-site scripting., WPScan (WordPress Security Scanner)(Browser Exploit Framework) - Automatically gathers data about a WordPress site and compares findings such as plugins against a database of known vulnerabilities. Provides useful information on findings, including plugin version and references to the vulnerability such as CVE number and link., Wapiti - A web application vulnerability scanner which will automatically navigate a webapp looking for areas where it can inject data. Several modules can be enabled/disabled to target different vulnerabilities., Gobuster - Can discover subdomains, directories, and files by brute-forcing from a list of common names. This can provide information that was otherwise not available., CrackMapExec - Post-exploitation tool to identify vulnerabilities in active directory environments., BeEF (Browser Exploit Framework) - Focuses on web browser attacks by assessing the actual security posture of a target by using client-side attack vectors., Brakeman - Static code analysis security tool for Ruby on Rails applications. Checks for vulnerabilities and provides confidence level of finding (high, medium, weak)., SQLmap - SQL Injection scanner tool. Automates several of the attacks and supports many databases. Some of its features include database search, enumeration, and command execution., SearchSploit - Exploit finder that allows to search through the information found in Exploit-DB. It also supports Nmap outputs in XML format to search for exploits automatically., Reaver - Used to perform brute force attacks against WPS-enabled APs., Covenant - a .NET C2 framework that shows the attack surace of .NET to make attacks through this vector easier, EAPHammer - Python-based tookit used to launch attacks on WPA2-Enterprise 802.11a or 802.11n networks., Drozer - open-source software used for testing for vulnerabilities on Android devices., Snow - Used to hide and conceal activity within the whitespace of a text file that uses ASCII format., Empire - leverages PowerShell for common post-exploitation tasks on Windows, Mythic - a cross-platform C2 framework that contains payloads that can provide consistently good results., Bloodhound - used to investigate relationships in a network that uses AD. Explores AD trust relationships, abusable rights on AD objects, security group membership, SQL admin links, etc., Airmon-ng - will enable and disable monitor mode on wireless interface. Can switch an interface from managed to monitor mode., Steghide - used to conceal a payload in either an image or audio file., Postman - provides an interactive and automatic environment used to test and HTTP API., Airplay-ng - Used to force single clients or all clients from a WAP, Frida - open source, able to work with wide range of OS includes custom dev tools for app testing. Allows examining plaintext data being passed., Airodump-ng - Provides ability to capture 802.11 frames and use the output to identify the MAC address of the AP along with the MAC address of a victim client device., Mimikatz - an open-source tool with several modules, having the ability to create Microsoft Kerberos API, list active processes, and view credential information stored on a Windows computer., WMI - provides information about the status of hosts, configure security settines, and manipulate environment variables., Fern - Python Based, runs on Linux. Used to recover WEP/WPA/WPS keys,
0%
Pentest+ Tools
Teilen
Teilen
Teilen
von
Theemrsg
College
CS
Inhalt bearbeiten
Drucken
Einbetten
Mehr
Zuweisungen
Bestenliste
Mehr anzeigen
Weniger anzeigen
Diese Bestenliste ist derzeit privat. Klicke auf
Teilen
um sie öffentlich zu machen.
Diese Bestenliste wurde vom Eigentümer der Ressource deaktiviert.
Diese Bestenliste ist deaktiviert, da sich Ihre Einstellungen von denen des Eigentümer der Ressource unterscheiden.
Einstellungen zurücksetzen
It's a Match
ist eine Vorlage mit offenem Ende. Es generiert keine Punkte für eine Bestenliste.
Anmelden erforderlich
Visueller Stil
Schriftarten
Abonnement erforderlich
Einstellungen
Vorlage ändern
Alle anzeigen
Weitere Formate werden angezeigt, wenn du die Aktivität spielst.
Offene Ergebnisse
Link kopieren
QR-Code
Löschen
Soll die automatisch gespeicherte Aktivität
wiederhergestellt werden?
