- “Command Line Kung Fu” blog (by Tim Medin, Ed Skoudis and Hal Pomeranz) – http://blog.commandlinekungfu.com/
- Hal Pomeranz’s “Return of Command-Line Kung Fu” presentations: http://www.deer-run.com/~hal/Return_of_Command-Line_Kung_Fu%28OSBridge2010%29.pdf | http://www.deer-run.com/~hal/Return_of_Command-Line_Kung_Fu(SANS2010).pdf
- “Windows Command-Line Kung Fu with WMIC” by Ed Skoudis (Internet Storm Center blog; 2006.03.30) – http://isc.sans.edu/diary.html?storyid=1229
- “Checking Permissions with Batch Process” by Samson J Lo (2010.06.03) – http://justsamson.com/2010/06/03/checking-permissions-with-batch-process/
- Command-Line Selection Statements – http://ignitedsoul.com/2010/06/13/command-line-selection-statements/
2010.07.02
Command-Line Kung Fu
2010.05.16
2010.02.01
Infosec online (= infosec sites)
Magazines
- (In)Secure Magazine: http://www.net-security.org/insecuremag.php
- Hakin9 Magazine – http://hakin9.org/, http://www.en.hakin9.org/
- SC Magazine – http://www.scmagazineus.com/ | digital downloads – http://www.scmagazineus.com/Digital-Download/section/ | podcast – http://www.scmagazineus.com/Digital-Download/section/255
- Infosecurity (USA) magazine – http://www.infosecurity-us.com/
- Club Hack Magazine (India) – http://chmag.in/
Knowledge and tools sites
- Biblio@Lotek.net – http://biblio.l0t3k.net/
- /dev/ttyS0 – Embedded Device Hacking – http://www.devttys0.com/
Hacking: a cultural phenomenon
- “The Hacker Manifesto” by “+++The Mentor+++” (1986.01.08) – http://www.mithral.com/~beberg/manifesto.html
- “How To Become A Hacker” by Eric Steven Raymond (2001) – http://www.catb.org/~esr/faqs/hacker-howto.html
- Eric Raymond’s FAQ collection – http://www.catb.org/~esr/faqs/
- “Hackers and Painters” by Paul Graham (2003.05) – http://www.paulgraham.com/hp.html
Other sites
- Ashkan Soltani’s site – http://www.ashkansoltani.org/ – an independent researcher and consultant focused on privacy, security, and behavioral economics.
- KnowPrivacy by Ashkan Soltani – http://knowprivacy.org/ – site dedicated to his Master’s thesis
- The National Software Reference Library (NSRL) Project Web Site (@NIST): http://www.nsrl.nist.gov/. They provide the Reference Data Set (RDS), which is a collection of digital signatures of known, traceable software applications. The hash set includes hash values of applications which may be considered malicious, e.g. steganography tools and hacking scripts. There are no hash values of illicit data, e.g. child abuse images.
- (A compendium of US) State Security Breach Notification Laws – http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBreachNotificationLaws/tabid/13489/Default.aspx
- Faves.com list of links:
- Hacking – http://faves.com/users/jopiter/friends/dots/tag/hacking
- Penetration testing – http://faves.com/users/jopiter/friends/dots/tag/penetration+testing
- Framework – http://faves.com/users/jopiter/friends/dots/tag/framework
- Security-Shell blog – http://security-sh3ll.blogspot.com/ – tools.
- “SecurityConfig” site – http://www.securityconfig.com/ – tools
- ::eSploit:: – http://esploit.blogspot.com/ – looks like a blog linking to the various security/hacking resources.
Conferences
- Hak5 – http://www.hak5.org/
Related content at this blog:
- Infosec pages at this blog – https://eikonal.wordpress.com/2011/05/17/information-security-sites/
- Infosec online – https://eikonal.wordpress.com/2010/02/01/infosec-online/
- Infosec blogs – https://eikonal.wordpress.com/2010/03/17/infosec-blogs/
- Infosec wikies – https://eikonal.wordpress.com/2010/03/17/infosec-wikies/
- Infosec books – https://eikonal.wordpress.com/2010/10/19/infosec-books/
- InfoSec lists and newsgroups – https://eikonal.wordpress.com/2010/03/15/infosec-man-lists-and-newsgroups/
- Cloud security – https://eikonal.wordpress.com/2010/08/09/cloud-security/
- “Book: Enterprise Security For the Executive” – https://eikonal.wordpress.com/2010/01/07/book-enterprise-security-for-the-executive/
- IT Magazines – https://eikonal.wordpress.com/2010/03/01/it-magazines/
2010.01.29
Vulnerability Assessment tools
Information Gathering
- Maltego – http://www.paterva.com/web4/index.php/maltego
- Binging – http://www.blueinfy.com/
Network Scanners and Discovery, Port scanners
- AutoScan – http://autoscan-network.com/
- Angry IP Scanner – http://www.angryip.org | http://sourceforge.net/projects/ipscan/
- IPEye (by NTSecurity.nu) – http://ntsecurity.nu/toolbox/ipeye/ – IPEye is a TCP port scanner that can do SYN, FIN, Null and Xmas scans.
- Netifera – http://netifera.com/
- nmap (~”Network Mapper”): nmap.org, http://www.insecure.org/nmap/
- “NMap – Notes” – http://wikihead.wordpress.com/2010/06/23/nmap-notes/
- Discussion on nmap – http://www.secguru.com/forum/viewtopic.php?t=68
- Cheatsheet – http://www.secguru.com/index.php/content/view/535/
- Nmap tutorial at EDUCAUSE – http://www.educause.edu/Nmap/1295
- “SQL Comes to Nmap: Power and Convenience” by Hasnain Atique (Linux Journal, SysAdmin; 2004.10.01) – http://www.linuxjournal.com/article/7314
- “Nmap Technical Guide” by Michael Cobb (SearchSecurity; 2006.10.17) – http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1224310,00.html
- short blurb on nmap by Eric Lubow (2006.08.21) – http://www.linuxsecurity.com/content/view/124599/177/
- TAZ Tutorials:
- NMAP Lesson 1 – The Basics – http://www.thetazzone.com/tutorial-nmap-lesson-1-the-basics/
- NMAP Lesson 2 – More Basics – http://www.thetazzone.com/edit-post-report-this-post-warn-user-information-reply-with-quote-tutorial-nmap-348-lesson-2-more-basics/
- NMAP Lesson 3 – Common Output – http://www.thetazzone.com/tutorial-nmap-348-lesson-3-common-output/
- NMAP Lesson 4 – Stealth Scans – http://www.thetazzone.com/tutorial-nmap-348-lesson-4-stealth-scans/
- NMAP Lesson 5 – Fingerprinting & Scanning – http://www.thetazzone.com/tutorial-nmap-348-lesson-5-fingerprinting-scannin/
- Scanning network for open ports with nmap command (nixcraft) – http://www.cyberciti.biz/tips/linux-scanning-network-for-open-ports.html
- Nmap Online – http://nmap-online.com/
- nmap Cookbook’s blog – http://nmapcookbook.blogspot.com/
- nmap Cheatsheet – http://nmapcookbook.blogspot.com/2010/02/nmap-cheat-sheet.html
- HERE (=at this blog): Nmap options, switches and uses – https://eikonal.wordpress.com/2010/09/20/nmap-options-swtiches-and-uses/
- HERE (=at this blog): Memory of things disappearing > nmap stuff > getports.awk – https://eikonal.wordpress.com/2010/06/23/memory-of-things-disappearing-nmap-stuff-getports-awk/ – an awk script listing open ports coming from nmap.
- SuperScan
- scanline
- dsniff by Dug Song – http://monkey.org/~dugsong/dsniff/ – a collection of scanning and sniffing tools:
- dsniff –
- filesnarf –
- mailsnarf –
- msgsnarf –
- urlsnarf –
- webspy –
- arpspoof –
- dnsspoof –
- macof –
- sshmitm –
- webmitm
Articles:
- “Passwords Found on a Wireless Network”, D. Song, USENIX Technical Conference WIP, June 2000. – http://monkey.org/%7Edugsong/talks/usenix00.ps [PS]
- “Network Monitoring with Dsniff”, LinuxSecurity.com, May 2001. – http://biblio.l0t3k.net/sniffers/en/dsniff_netmon.txt
- “On the lookout for dsniff, part 2”, IBM DeveloperWorks, February 2001. – http://www.ibm.com/developerworks/library/s-sniff2.html
- “On the lookout for dsniff”, IBM DeveloperWorks, January 2001. – http://www.ibm.com/developerworks/library/s-sniff.html
- “dsniff and SSH : Reports of My Demise are Greatly Exaggerated” by Richard E. Silverman (O’Reilly Sys Admin Networking; 2000.12.22) – http://www.oreillynet.com/pub/a/oreilly/networking/news/silverman_1200.html
- “Attacks Against SSH 1 and SSL”, Slashdot, December 2000. – http://slashdot.org/it/00/12/18/0759236.shtml
- “The End of SSL and SSH?” by Kurt Seifried (2000.12.17) – http://www.seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html | “The End of SSL and SSH? Follow-up.” (2000.12.22) – http://www.seifried.org/security/cryptography/20011108-sslssh-followup.html
- “Catch Hackers in the Act”, CNET Web Builder, December 2000. – [GONE]
- “Why Your Switched Network Isn’t Secure”, SANS Institute, September 2000. – http://www.sans.org/security-resources/idfaq/switched_network.php
- “Switched networks lose their security advantage due to packet-capturing tool”, InfoWorld magazine, May 2000. – http://www.packet-sniffer.net/packet-capturing.htm | at Google books
- “Think you’re safe from sniffing?”, Windows 2000 magazine, June 2000. – http://www.windowsitpro.com/article/internet/think-you-re-safe-from-sniffing-.aspx
- “Finding dsniff on Your Network” (SANS) – http://www.sans.org/reading_room/whitepapers/testing/finding-dsniff-network_262
Compiling dsniff on Cygwin:
- Download the latest tar.gz archive of dsniff. Unpack it. Enter the created directory.
- Run ./configure
- You will need WinPcap (http://www.winpcap.org/) installed on your Windows system, as well as elements of the WinPcap developer package (http://www.winpcap.org/devel.htm) distributed to various Cygwin directories, according to the instructions given at http://mathieu.carbou.free.fr/wiki/index.php?title=Winpcap_/_Libpcap
- Also needed is libnet (http://libnet.sourceforge.net/), with instructions on how to compile it presented at http://mathieu.carbou.free.fr/wiki/index.php?title=How_to_compile_Libnet_under_Cygwin
Vulnerability Scanners, Integrated VA (Vulnerability Assessment) scanners
- Acunetix WVS by Acunetix: http://www.acunetix.com/ (Commercial)
- ClickToSecure by Cenzic: http://www.cenzic.com/products/saas/ctsARC/ (SAAS = Software-as-a-Service)
- Grabber by Romain Gaucher: http://rgaucher.info/beta/grabber/ (Free / Open Source)
- Hailstorm by Cenzic: http://www.cenzic.com/products/software/overview/ (Commercial)
- MileScan Web Security Auditor by MileSCAN Technologies: http://www.milescan.com/hk/ (Commercial)
- N-Stalker by N-Stalker: http://nstalker.com/products/ (Commercial)
- NTOSpider by NTObjectives: http://www.ntobjectives.com/products/ntospider.php (Commercial)
- NeXpose by Rapid7: http://www.rapid7.com/products/ (Commercial) – includes Metasploit
- Nessus by Tenable Network Security: http://www.nessus.org (Commercial, formerly free and open source)
- Tutorial & Update: Nessus server setup and NASL modding – http://www.thetazzone.com/tutorial-updatenessus-server-setup-and-nasl-modding/
- Tutorial – Step-by-step setup of Nessus (TAZ = The Tazzone Network; 2009.09.05) – http://www.thetazzone.com/tutorial-step-by-step-setup-of-nessus/
- “Demonstrating Compliance with Nessus Web Application Scans” by Ron Gula and Michel Arbol (Tenable; 2010.09.27) – http://www.tenablesecurity.com/whitepapers/customer_page/nesssus-web-based-auditing.pdf
- “Web Application Scanning with Nessus (Detecting Web Application Vulnerabilities and Environmental Weaknesses)” (revision 3) by Brian Martin and Carole Fennelly (Tenable; 2010.09.02) – http://www.nessus.org/whitepapers/Tenable_Web_App_Scanning.pdf
- Nessus Web Application Scanning – New plugins & Configuration – http://blog.tenablesecurity.com/web-app-auditing/
- Tenable/Nessus blog – http://blog.tenablesecurity.com/ | RSS – http://blog.tenablesecurity.com/rss.xml
- Tenable podcasts RSS – http://www.tenable.com/TenablePodcast.xml
- Tenable YouTube channel – http://www.youtube.com/user/tenablesecurity
- “Bob’s Great Adventure: Attacking & Defending Web Applications” by Paul Asadoorian – http://www.nessus.org/whitepapers/BobsGreatAdventure-AttackDefendWebApplications.pdf
- “Using Nessus In Web Application Vulnerability Assessments” by Paul Asadoorian – http://www.nessus.org/whitepapers/NessusWebAppTesting.pdf
- Tenable white papers – http://www.nessus.org/whitepapers/
- NetSparker by Mavituna Security: http://www.mavitunasecurity.com/ (Commercial)
- OpenVAS (openvas.org): Free and open source fork of the last free and open source version of Nessus. See also: freshmeat.net/projects/openvas | wald.intevation.org/projects/openvas
- Powerfuzzer by Marcin Kozlowski: http://www.powerfuzzer.com/ (Free / Open Source)
- ProFeed
- QualysGuard Web Application Scanning by Qualys: http://www.qualys.com/products/qg_suite/was/ (SAAS = Software-as-a-Service)
- Retina Web Security Scanner by eEye Digital Security: http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx (Commercial)
- SecurityQA Toolbar by iSEC Partners: https://www.isecpartners.com/SecurityQAToolbar.html (Free / Open Source)
- Sentinel by WhiteHat: http://whitehatsec.com/home/services/services.html (SAAS = Software-as-a-Service)
- Veracode Web Application Security by Veracode: http://www.veracode.com/solutions/web-application-security-dynamic-testing.html (SAAS = Software-as-a-Service)
- Wapiti by Nicolas Surribas: http://wapiti.sourceforge.net/ (Free / Open Source)
Windows Auditing
GOTO: https://eikonal.wordpress.com/2011/01/05/auditing-ms-windows/
Unix Auditing
GOTO: https://eikonal.wordpress.com/2011/07/08/auditing-unix/
Database auditing
GOTO: https://eikonal.wordpress.com/2011/02/24/database-security/
Web Applications and Web Services assessment
Lists of tools:
- Phoenix’ list of webapp security tools at OWASP – https://www.owasp.org/index.php/Phoenix/Tools
Application Assessment:
- Acunetix [COMMERCIAL] – http://www.acunetix.com/
- AppScan [COMMERCIAL] – http://www-306.ibm.com/software/awdtools/appscan/ | http://www-01.ibm.com/software/awdtools/appscan/
- AppScan OnDemand by IBM: http://www-01.ibm.com/software/awdtools/appscan/ondemand/ [SAAS = Software-as-a-Service]
- Burp Proxy – http://portswigger.net/proxy/
- Burp Suite by PortSwigger: http://portswigger.net/suite/ (Commercial)
- CAT – the manual Web Application Audit tool – http://cat.contextis.co.uk/
- Charles [COMMERCIAL] – http://www.charlesproxy.com/ – an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
- DFF scanner – http://netsec.rs/70/tools.html – finds files and folders on a server
- Exploit-me – http://labs.securitycompass.com/index.php/exploit-me/
- Fiddler2 – http://www.fiddler2.com/fiddler2/
- Watcher – http://websecuritytool.codeplex.com/ – passive Web-security scanner, an add-on to Fiddler
- x5s – XSS security testing assistant – http://xss.codeplex.com/, an add-on to Fiddler
- Other extensions – http://www.fiddler2.com/Fiddler2/extensions.asp
- FunkLoad – http://funkload.nuxeo.org/: functional and load web tester
- Grendel-Scan by David Byrne and Eric Duprey: http://grendel-scan.com/ (Free / Open Source) | blog – http://grendel-scan.com/blog
- IBM AppSCAN
- Nikto – http://www.cirt.net/nikto2 – [GPL] {Perl} – web server scanner. Infrequent updates of plugins. | mail list: https://attrition.org/mailman/listinfo/nikto-discuss and its archive – http://attrition.org/pipermail/nikto-discuss/
- N-Stalker [COMMERCIAL] – http://www.nstalker.com/products/
- Netsparker
- NTOSpider [COMMERCIAL] – http://www.ntobjectives.com/products/ntospider.php
- OWA (Outlook Web Access) attack tool – http://netsec.rs/70/tools.html – tests OWA accounts
- Pantera (OWASP Pantera Web Assessment Studio Project) – http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
- Paros proxy by Chinotec: http://parosproxy.org/ (Free / Open Source)
- ProxMon (formerly ScarabMon) – http://code.google.com/p/proxmon/ | https://www.isecpartners.com/proxmon.html – monitors proxy logs and reports on security issues it discovers.
- Ratproxy – http://code.google.com/p/ratproxy/
- A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.
Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.
Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
- Samurai WTF – http://samurai.inguardians.com/
- Skipfish – http://code.google.com/p/skipfish/
- Tamper data – http://tamperdata.mozdev.org/
- Twill – http://twill.idyll.org/: browse the Web from a command-line interface. Supports automated Web testing
- W3AF by Andres Riancho: http://w3af.sourceforge.net/ [Free / Open Source]
- WebApp360 by nCircle: http://www.ncircle.com/index.php?s=products_webapp360 (Commercial)
- WebInspect by HP [COMMERCIAL] – https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200%5E9570_4000_100__ [SAAS = Software-as-a-Service]
- WebKing by Parasoft: http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=319 (Commercial)
- WebSaint
- WebScanService by Elanize KG: http://www.german-websecurity.com/en/products/webscanservice/ (SAAS = Software-as-a-Service)
- WebScarab – http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project by OWASP
- WebSecurify – http://www.websecurify.com/: Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web application security penetration testers and the feedback from an active open source community.
- Wikto – http://www.sensepost.com/labs/tools/pentest/wikto – Very similar to Nikto, but with a few more features
- Windmill – http://trac.getwindmill.com/: web testing tool designed to let you painlessly automate and debug your web application
- Wmap – http://www.metasploit.com/redmine/projects/framework/wiki/WMAP: WMAP is a general purpose web application scanning framework for Metasploit 3. The architecture is simple and its simplicity is what makes it powerful. It’s a different approach compared to other open source alternatives and commercial scanners, as WMAP is not built around any browser or spider for data capture and manipulation.
- WMAT – http://netsec.rs/70/tools.html – web mail attack tool | Readme file – http://replay.web.archive.org/20090630080119/http://security-net.biz/wmat/readme.txt
- WMAT is a Web Mail Auth Tool that provides some essential functions for testing web mail logins, written in Python with support of pyCurl. It takes a file containing usernames, a file with passwords, the URL of the web mail app and a chosen pattern for the attack. Patterns are XML files that define post/get fields, HTTP method, referer, success tag, etc. for each web mail application.
- WSMap – https://www.isecpartners.com/wsmap.html: find web service endpoints and discovery files
Web services testing:
- SOAPClient – a generic SOAP client – http://www.soapclient.com/soaptest.html
- Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0 (Microsoft’s MSDN) – http://msdn.microsoft.com/en-us/library/ff648183.aspx
Fuzzing:
- Sulley – http://code.google.com/p/sulley/: fuzzer development and fuzz testing framework consisting of multiple extensible components
- Peach Fuzzing Platform – http://peachfuzz.sourceforge.net/: extensible fuzzing framework for generation and mutation based fuzzing
- antiparser – http://antiparser.sourceforge.net/: fuzz testing and fault injection API
- ProxyFuzz – http://theartoffuzzing.com/joomla/index.php?option=com_content&task=view&id=21&Itemid=40: a man-in-the-middle non-deterministic network fuzzer; included in TAOF (The Art of Fuzzing) – http://theartoffuzzing.com
- untidy – http://untidy.sourceforge.net/: general purpose XML fuzzer
- Powerfuzzer – http://www.powerfuzzer.com/: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
- FileP – https://www.isecpartners.com/file_fuzzers.html: file fuzzer. Generates mutated files from a list of source files and feeds them to an external program in batches
- SMUDGE – http://www.fuzzing.org/wp-content/SMUDGE.zip
- Mistress – http://www.packetstormsecurity.org/fuzzer/mistress.rar: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
- Fuzzbox – https://www.isecpartners.com/fuzzbox.html: multi-codec media fuzzer
- Forensic Fuzzing Tools – https://www.isecpartners.com/forensic_fuzzing_tools.html: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
- Windows IPC Fuzzing Tools – https://www.isecpartners.com/windows_ipc_fuzzing_tools.html: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
- WSBang – https://www.isecpartners.com/wsbang.html: perform automated security testing of SOAP based web services
- Construct – http://construct.wikispaces.com/: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
- fuzzer.py (feliam) – http://sites.google.com/site/felipeandresmanzano/fuzzer.py?attredirects=0: simple fuzzer by Felipe Andres Manzano
Using browsers as the webapp testing tools:
- Turning Firefox to an Ethical Hacking Platform (Security Database Tools Watch; 2007.02.12) – http://www.security-database.com/toolswatch/Turning-Firefox-to-an-Ethical.html
- Turning Firefox to an auditing platform (Security Database Tools Watch; 2007.01.07) – http://www.security-database.com/toolswatch/Turning-Firefox-to-an-auditing.html
Misc info:
- Book: “The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws” by Dafydd Stuttard and Marcus Pinto – http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/
- The Web Application Security Consortium (WASC): http://www.webappsec.org/ | http://projects.webappsec.org/
- Web Application Security Scanner List: http://projects.webappsec.org/Web-Application-Security-Scanner-List
- The Web Security Glossary: http://projects.webappsec.org/The-Web-Security-Glossary
- Script Mapping – http://projects.webappsec.org/Script-Mapping
- Threat Classification – http://projects.webappsec.org/Threat-Classification
- Web Application Security Scanner Evaluation Criteria – http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
- OSSTMM – “Open Source Security Testing Methodology Manual” by Pete Herzog – http://www.isecom.org/osstmm/
- OWASP: http://www.owasp.org/index.php/Main_Page
- Top 10 Web Vulnerability Scanners – http://sectools.org/web-scanners.html:
- #1 – Nikto : A more comprehensive web scanner
Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses Whisker/libwhisker for much of its underlying functionality. It is a great tool, but the value is limited by its infrequent updates. The newest and most critical vulnerabilities are often not detected.
- #2 – Paros proxy : A web application vulnerability assessment proxy
A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.
- #3 – WebScarab : A framework for analyzing applications that communicate using the HTTP and HTTPS protocols
In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review them in various ways. WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.
- #4 – WebInspect : A Powerful Web Application Scanner
SPI Dynamics’ WebInspect application security assessment tool helps identify known and unknown vulnerabilities within the Web application layer. WebInspect can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more.
- #5 – Whisker/libwhisker : Rain.Forest.Puppy’s CGI vulnerability scanner and library
Libwhisker is a Perl module geared towards HTTP testing. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is now deprecated in favor of Nikto, which also uses libwhisker.
- #6 – Burpsuite : An integrated platform for attacking web applications
Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyze, attack and exploit web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
- #7 – Wikto : Web Server Assessment Tool
Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code.
- #8 – Acunetix WVS : Commercial Web Vulnerability Scanner
Acunetix WVS automatically checks web applications for vulnerabilities such as SQL Injections, cross site scripting, arbitrary file creation/deletion, weak password strength on authentication pages. AcuSensor technology detects vulnerabilities which typical black box scanners miss. Acunetix WVS boasts a comfortable GUI, an ability to create professional security audit and compliance reports, and tools for advanced manual webapp testing.
- #9 – Rational AppScan : Commercial Web Vulnerability Scanner
AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. Appscan was merged into IBM’s Rational division after IBM purchased its original developer (Watchfire) in 2007.
- #10 – N-Stealth : Web server scanner
N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as Whisker/libwhisker and Nikto, but do take their web site with a grain of salt. The claims of “30,000 vulnerabilities and exploits” and “Dozens of vulnerability checks are added every day” are highly questionable. Also note that essentially all general VA tools such as Nessus, ISS Internet Scanner, Retina, SAINT, and Sara include web scanning components. They may not all be as up-to-date or flexible though. N-Stealth is Windows only and no source code is provided.
- Jeremiah Grossman’s blog on web application security: http://jeremiahgrossman.blogspot.com | RSS – http://feeds.feedburner.com/JeremiahGrossman:
- Web application scan-o-meter – http://jeremiahgrossman.blogspot.com/2007/05/web-application-scan-o-meter.html
- Are web application scanners ***ing useless? – http://jeremiahgrossman.blogspot.com/2007/07/are-web-application-scanners-ing.html
- Attribute-Based Cross-Site Scripting – http://jeremiahgrossman.blogspot.com/2007/07/attribute-based-cross-site-scripting.html
- “Web Application Testing” by Russ Klanke (at Aggressive Virus Defense blog) – http://aggressivevirusdefense.wordpress.com/2009/08/02/web-application-testing/ – has numerous good links and tips.
- Browser Security Handbook – http://code.google.com/p/browsersec/wiki/Main
- Browser Security Handbook is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.
The document currently covers several hundred security-relevant characteristics of Microsoft Internet Explorer (versions 6, 7, and 8), Mozilla Firefox (versions 2 and 3), Apple Safari, Opera, Google Chrome, and Android embedded browser.
Open-source test cases provided alongside with this document permit any other browser implementations to be quickly evaluated in a similar manner.
- “Web Security Testing Cookbook” by Paco Hope – http://websecuritytesting.com/
(other) Specialized scanners
- netwox (=Network Toolbox) by Laurent Constantin – http://www.laurentconstantin.com/en/netw/netwox/ | Netwag ( a graphical front-end to netwox) – http://www.laurentconstantin.com/en/netw/netwag/
- Network Stuff – http://jacquelin.potier.free.fr/networkstuff/index.php | Network Stuff – Handy network utility – http://brainfoldb4u.wordpress.com/2010/03/15/network-stuff-handy-network-utility/
IPSec security
- IPSecScan (by NTSecurity.nu) – http://ntsecurity.nu/toolbox/ipsecscan/ – IPSecScan is a tool that can scan either a single IP address or a range of IP addresses looking for systems that are IPSec enabled.
Wireless Hacking and auditing
- OSWA – http://securitystartshere.org/page-training-oswa.htm
- AirCrack-NG Suite – http://www.aircrack-ng.org/
- AiroScript-NG – http://airoscript.aircrack-ng.org/
- Kismet – http://www.kismetwireless.net/
- Inssider – http://www.metageek.net/products/inssider
- Kismac – http://kismac-ng.org/
VoIP & Telephony auditing
- VAST Viper – http://vipervast.sourceforge.net/
- WarVox – http://warvox.org/
Live CDs
- Backtrack 4 – http://www.remote-exploit.org
- PentBox – http://www.pentbox.net/
- Matriux – http://www.matriux.com/
Exploitation Frameworks
Tools:
- Metasploit – http://www.metasploit.org – has both free and commercial (as a part of NeXpose by Rapid7) versions.
- More info here at this site: https://eikonal.wordpress.com/2010/06/24/metasploit/
- Carnal0wnage blog – http://carnal0wnage.attackresearch.com/ has a lot of Metasploit tricks.
- Exploit DB – http://www.exploit-db.com/
- CANVAS by Immunity Sec – http://www.immunitysec.com/products-canvas.shtml
- Core Impact by Core Security Technologies – http://www.coresecurity.com/content/core-impact-overview [COMMERCIAL, very expensive]
- SaintExploit – http://www.saintcorporation.com/products/software/saintExploit.html [COMMERCIAL]
- Inguma – http://code.google.com/p/inguma/ – a Python based framework
- WXF – https://github.com/WebExploitationFramework/wXf – a Ruby based framework that focuses on Web vulnerability exploitation
- Ronin – http://github.com/ronin-ruby – a Ruby based framework
Articles:
- “Frameworks and how I hack currently (and how I don’t)” by valsmith (Carnal0wnage blog; 2011.05.10) – http://carnal0wnage.attackresearch.com/node/453
Penetration Testing and Exploitation
- Python tools for penetration testers (by Dirk Loss) – http://dirk-loss.de/python-tools.htm
Network testers
- Scapy – http://secdev.org/projects/scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
- pylibpcap (http://pylibpcap.sourceforge.net/), Pcapy and pypcap (http://code.google.com/p/pypcap/): several different Python bindings for libpcap
- libdnet – http://code.google.com/p/libdnet/: low-level networking routines, including interface lookup and Ethernet frame transmission
- dpkt – http://code.google.com/p/dpkt/: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
- Impacket – http://oss.coresecurity.com/projects/impacket.html: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
- pynids – http://jon.oberheide.org/pynids/: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
- Dirtbags py-pcap – http://dirtbags.net/py-pcap/: read pcap files without libpcap
- flowgrep – http://monkey.org/%7Ejose/software/flowgrep/: grep through packet payloads using regular expressions
- httplib2 – http://code.google.com/p/httplib2/: comprehensive HTTP client library that supports many features left out of other HTTP libraries
See also: list of (other) security tools (in this blog) – https://eikonal.wordpress.com/2010/07/28/security-tools/.
2010.01.07
Book: Enterprise Security For the Executive
One more infosec book for management types. I am not sure yet if it is worth reading – it got a favorable Slashdot review by Ben Rothke, whose opinion I usually trust.
Info: