Jump to content
  • Revista PROGRAMAR: Já está disponível a edição #60 da revista programar. Faz já o download aqui!


Boot CD Samurai Web Testing Framework

Recommended Posts



Samurai Web Testing Framework

pessoalmente prefiro fazer as minhas distros (a partir de uma base já compilada... já lá vão os tempos de se compilar o kernel  :) ) e "rampas de lançamento", mas fica aqui um excelente boot CD a ter sempre no bolso..

excelente colecção de ferramentas da secção

Live CD's for penetration testing are becoming more prevalent these days, with a wider diversity of offerings. Live CD's allow testers the ability to run pre configured tools from operating systems they might not otherwise have easy access to. A live CD comes with a full operating system and several tools already installed on them. Of course, with virtualization technology becoming available, it is easy to run multiple virtual environments specifically crafted for certain tasks. Utilizing live CD's to either directly boot your machine or from a virtual environment, gives penetration testers maximum flexibility in operating systems and tools at their disposal.

The best know live CD for penetration testing is Backtrack (now at version 3). Backtrack is a wonderful CD that includes lots of tools for all sorts of penetration testing. Backtrack followed closely on the heels of other special purpose live CD's, such as Helix - a live CD aimed at forensic analysis and Knoppix STD, which was one of the first information security centric live CDs.

Samurai comes with a host of useful applications.  These include many of the regular Linux tools but also include:

    * Burp Suite, a web application attacking tool

  * DirBuster, an application file and directory enumeration and brute forcing tool from OWASP

  * Fierce Domain Scanner a target ennumeration utility

  * Gooscan an automated Google querying tool that is useful for finding CGI vulnerabilities without scanning the target directly, but rather querying Google's caches

  * Grendel-Scan, just released, an open source web application vulnerability testing tool

    * HTTP_Print a web server fingerprinting tool

    * Maltego CE, an open source intelligence and forensics application that does data mining to find information from the internet and link it together (great for background research on a target).

    * Nikto, an open source web server scanner

  * Paros, one of my favorite, Java based, cross platform, web application auditing and proxy tools

    * Rat Proxy, a semi-automated, passive web application security audit tool.

    * Spike Proxy, an extensible web application analyzer and vulnerability scanner.

    * SQLBrute, a SQL injection and brute forcing tool.

  * w3af (and the GUI), a web application attack and audit framework.

    * Wapiti, a web application security auditor and vulnerability scanner

    * WebScarab, an HTTP application auditing tool from OWASP

  * WebShag, a web server auditing tool

  * ZenMap, a NMAP graphical front end

Additionally Samurai includes several utilities that aren't available from the GUI menu.  These include:

  * dnswalk, a DNS query and zone transfer tool

    * httping, a ping like utility for HTTP requests

  * httrack, a website copying utility.

  * john the ripper, a password cracking program

    * netcat, a TCIP/IP swiss army knife

  * nmap, a port scanner and OS detection tool

    * siege, an HTTP stress tester and benchmarking tool.

  * snarf, a lightweight URL fetching utility"



Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


Important Information

By using this site you accept our Terms of Use and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.