Well, this is not quite a default top ten list (based on which one is the smarter/faster/better) but just a simple list of applications you can use
in a pentest. Free and open source apps come first.
1. Arachni
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate
the security of web applications.
Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.
Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling
through the paths of a web application's cyclomatic complexity.
This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
Finally, Arachni yields great performance due to its asynchronous HTTP model (courtesy of Typhoeus).
Thus, you'll only be limited by the responsiveness of the server under audit and your available bandwidth.
Note: Despite the fact that Arachni is mostly targeted towards web application security, it can easily be used for general purpose scraping,
data-mining, etc. with the addition of custom modules.
Sounds cool, right?
Features:
Helper audit methods:
For forms, links and cookies auditing.
A wide range of injection strings/input combinations.
Writing RFI, SQL injection, XSS etc modules is a matter of minutes if not seconds.
Currently available modules:
Audit:
SQL injection
Blind SQL injection using rDiff analysis
Blind SQL injection using timing attacks
CSRF detection
Code injection (PHP, Ruby, Python, JSP, ASP.NET)
Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
LDAP injection
Path traversal
Response splitting
OS command injection (*nix, Windows)
Blind OS command injection using timing attacks (*nix, Windows)
2. OWASP ZAP
Automated scanner
Passive scanner
Brute Force scanner
Spider
Fuzzer
Port scanner
Dynamic SSL certificates
API
Beanshell integration
Some of ZAP's characteristics:
Easy to install (just requires Java 1.6)
Ease of use a priority
Comprehensive help pages
Fully internationalized
Under active development
Open source
Free (no paid-for Pro version)
Cross platform
Involvement actively encouraged
Download here | Website here
3. w3af
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application
vulnerabilities that is easy to use and extend. To read our short and long term objectives, please click over the Project Objectives item in
the main menu. This project is currently hosted at SourceForge; for further information, you may also want to visit the w3af SourceForge
project page.
The guys from BackTrack (well, it has connections with Metasploit) included this awesome tool in their latest release.
This is only a small list of plugins that are available in w3af, you should really check out this tool.
Audit:
xsrf
htaccessMethods
sqli
sslCertificate
fileUpload
mxInjection
generic
localFileInclude
unSSL
xpath
osCommanding
remoteFileInclude
dav
ssi
eval
buffOverflow
xss
xst
blindSqli
formatString
preg_replace
globalRedirect
LDAPi
phishingVector
responseSplitting
Download here | Project here
4. Vega
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site
Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux,
OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a
powerful API in the language of the web: Javascript.
Vega was developed by Subgraph in Montreal.
Modules:
Cross Site Scripting (XSS)
SQL Injection
Directory Traversal
URL Injection
Error Detection
File Uploads
Sensitive Data Discovery
Core:
Automated Crawler and Vulnerability Scanner
Consistent UI
Website Crawler
Intercepting Proxy
SSL MITM
Content Analysis
Extensibility through a Powerful Javascript Module API
Customizable alerts
Database and Shared Data Model
Download here | Website here
5. Acunetix
You have heard about this program so many times. Is it good? Well, you can download the free edition and test it.
Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
HTTP Editor: Construct HTTP/HTTPS requests and analyze the web server response.
HTTP Sniffer: Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application.
HTTP Fuzzer: Perform sophisticated fuzzing tests to test a web application's input validation and handling of
unexpected and invalid random data. Test thousands of input parameters with the easy to use rule builder of
the HTTP Fuzzer. Tests that would have taken days to perform manually can now be done in minutes.
WVS Scripting tool: Script your own custom web vulnerability attacks. Scripting SDK documentation
is available from the Acunetix website.
Blind SQL Injector: An automated database data extraction tool that is ideal for penetration testers who wish to make further tests manually.
Download here | Website here
This tool has a free version (the above link) but also an advanced version (paid).
6. Skipfish
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a
recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully
non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application
security assessments.
High risk flaws (potentially leading to system compromise):
Server-side SQL / PHP injection (including blind vectors, numerical parameters).
Explicit SQL-like syntax in GET or POST parameters.
Server-side shell command injection (including blind vectors).
Server-side XML / XPath injection (including blind vectors).
Format string vulnerabilities.
Integer overflow vulnerabilities.
Locations accepting HTTP PUT.
Medium risk flaws (potentially leading to data compromise):
Stored and reflected XSS vectors in document body (minimal JS XSS support present).
Stored and reflected XSS vectors via HTTP redirects.
Stored and reflected XSS vectors via HTTP header splitting.
Directory traversal / file inclusion (including constrained vectors).
Assorted file POIs (server-side sources, configs, etc).