
herakty

Boot CD Samurai Web Testing Framework


Samurai Web Testing Framework

Personally I prefer to build my own distros (starting from an already compiled base... the days of compiling the kernel are long gone  :)) and "launch pads", but here is an excellent boot CD to always keep in your pocket..

excellent collection of tools from the section

"Live CDs for penetration testing are becoming more prevalent these days, with a wider diversity of offerings. Live CDs allow testers the ability to run preconfigured tools from operating systems they might not otherwise have easy access to. A live CD comes with a full operating system and several tools already installed on it. Of course, with virtualization technology becoming available, it is easy to run multiple virtual environments specifically crafted for certain tasks. Utilizing live CDs, either to boot your machine directly or from a virtual environment, gives penetration testers maximum flexibility in operating systems and tools at their disposal.

The best known live CD for penetration testing is Backtrack (now at version 3). Backtrack is a wonderful CD that includes lots of tools for all sorts of penetration testing. Backtrack followed closely on the heels of other special purpose live CDs, such as Helix - a live CD aimed at forensic analysis and Knoppix STD, which was one of the first information security centric live CDs.

Samurai comes with a host of useful applications.  These include many of the regular Linux tools but also include:

  * Burp Suite, a web application attacking tool
  * DirBuster, an application file and directory enumeration and brute forcing tool from OWASP
  * Fierce Domain Scanner, a target enumeration utility
  * Gooscan, an automated Google querying tool that is useful for finding CGI vulnerabilities without scanning the target directly, but rather querying Google's caches
  * Grendel-Scan, just released, an open source web application vulnerability testing tool
  * HTTP_Print, a web server fingerprinting tool
  * Maltego CE, an open source intelligence and forensics application that does data mining to find information from the internet and link it together (great for background research on a target).
  * Nikto, an open source web server scanner
  * Paros, one of my favorites, a Java based, cross platform, web application auditing and proxy tool
  * Rat Proxy, a semi-automated, passive web application security audit tool.
  * Spike Proxy, an extensible web application analyzer and vulnerability scanner.
  * SQLBrute, a SQL injection and brute forcing tool.
  * w3af (and the GUI), a web application attack and audit framework.
  * Wapiti, a web application security auditor and vulnerability scanner
  * WebScarab, an HTTP application auditing tool from OWASP
  * WebShag, a web server auditing tool
  * ZenMap, an NMAP graphical front end

Additionally Samurai includes several utilities that aren't available from the GUI menu.  These include:

  * dnswalk, a DNS query and zone transfer tool
  * httping, a ping like utility for HTTP requests
  * httrack, a website copying utility.
  * john the ripper, a password cracking program
  * netcat, a TCP/IP swiss army knife
  * nmap, a port scanner and OS detection tool
  * siege, an HTTP stress tester and benchmarking tool.
  * snarf, a lightweight URL fetching utility"

http://www.madirish.net/?article=218

teckV
