This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:Penetration Testing Tools"
From OWASP
Vishal Garg (talk | contribs) (→HTTP Traffic Monitoring) |
(Fixed dead links and added additional information.) |
||
| (15 intermediate revisions by 7 users not shown) | |||
| Line 6: | Line 6: | ||
=== Information Gathering Tools === | === Information Gathering Tools === | ||
| − | * | + | *'''Fingerprinting''' |
| − | |||
| − | |||
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info | tool_name = [http://www.net-square.com/httprint.html httprint] | ||
| + | | tool_owner = NetSquare Inc | ||
| + | | tool_licence = no cost for personal, educational and non-commercial use. | ||
| + | | tool_platforms = Win, Lin, Mac, FreeBSD | ||
| + | }} | ||
| + | {{OWASP Tool Info | tool_name = [http://www.computec.ch/projekte/httprecon/ httprecon] | ||
| + | | tool_owner = Marc Ruef | ||
| + | | tool_licence = GPL | ||
| + | | tool_platforms = Win | ||
| + | }} | ||
| + | {{OWASP Tool Info | tool_name = [http://www.netcraft.com Netcraft]| tool_owner = Netcraft Inc | ||
| + | | tool_licence = N/A | tool_platforms = WebBased | ||
| + | }} | ||
| + | {{OWASP Tool Info | tool_name = [http://yehg.net/q WebRecon]| tool_owner = Aung Khant | ||
| + | | tool_licence =GPL | tool_platforms = WebBased | ||
| + | }} | ||
| + | |} | ||
=== Configuration Management Testing Tools === | === Configuration Management Testing Tools === | ||
| − | *SSL Testing | + | *'''SSL Testing''' |
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.openssl.org/ OpenSSL] | ||
| + | | tool_owner = [http://openssl.com/who.html OpenSSL Software Foundation] | ||
| + | | tool_licence = [https://www.openssl.org/source/license.txt Apache-style license] | ||
| + | | tool_platforms = Win, Lin, Mac, FreeBSD | ||
| + | }} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.mcafee.com/us/downloads/free-tools/ssldigger.aspx SSL Digger] | ||
| + | | tool_owner = Intel Corporation | ||
| + | | tool_licence = [http://www.mcafee.com/br/resources/legal/mcafee-software-free-eula.pdf McAfee Software royalty-Free License] | ||
| + | | tool_platforms = Win, Windows .NET Framework | ||
| + | }} | ||
| + | |} | ||
| + | |||
| + | *''' DB Listener Testing''' | ||
| + | |||
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.jammed.com/%7Ejwa/hacks/security/tnscmd/tnscmd-doc.html TNS Listener]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.quest.com/toad Toad] | ||
| + | | tool_owner = [https://software.dell.com Dell Inc.] | ||
| + | }} | ||
| + | |} | ||
=== Authentication Testing Tools === | === Authentication Testing Tools === | ||
| − | *Password Brute Force Testing | + | *'''Password Brute Force Testing''' |
| + | |||
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info || tool_name = [http://portswigger.net/intruder/ Burp Intruder]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.hoobie.net/brutus/ Brutus]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.oxid.it/cain.html Cain & Abel] | tool_owner = oxid | ||
| + | | tool_licence = Freeware | tool_platforms = Windows}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.openwall.com/john/ John the Ripper]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://ophcrack.sourceforge.net/ Ophcrack]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.thc.org/thc-hydra/ THC Hydra] | tool_owner= The Hacker's Choise | tool_platforms = Lin}} | ||
| + | |} | ||
| − | === | + | === Session Management Testing Tools === |
| + | |||
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.foundstone.com/us/resources/proddesc/cookiedigger.htm CookieDigger]}} | ||
| + | |} | ||
| − | === | + | === Authorization Testing Tools === |
=== Data Validation Testing Tools === | === Data Validation Testing Tools === | ||
| − | *Fuzzers | + | *'''Fuzzers''' |
| − | *SQL Injection Testing | + | *'''SQL Injection Testing''' |
| − | *XSS Testing | + | *'''XSS Testing''' |
| − | *Buffer Overflow Testing | + | *'''Buffer Overflow Testing''' |
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info | tool_name = [http://code.google.com/p/skipfish/ Skipfish] | ||
| + | | tool_owner = N/A | ||
| + | | tool_licence = Apache | ||
| + | | tool_platforms = Linux | ||
| + | }} | ||
| + | {{OWASP Tool Info || tool_name = [http://w3af.sourceforge.net/ w3af] | tool_owner = NA | ||
| + | | tool_licence = GPL v2 | tool_platforms = Python required (cross platform) | ||
| + | }} | ||
| + | |} | ||
| Line 48: | Line 109: | ||
{{OWASP Tool Info || tool_name = [http://www.parosproxy.org/download.shtml Paros Proxy]}} | {{OWASP Tool Info || tool_name = [http://www.parosproxy.org/download.shtml Paros Proxy]}} | ||
{{OWASP Tool Info || tool_name = [[OWASP_WebScarab_Project|Webscarab]]}} | {{OWASP Tool Info || tool_name = [[OWASP_WebScarab_Project|Webscarab]]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.bayden.com/TamperIE/ TamperIE]}} | ||
| + | {{OWASP Tool Info || tool_name = [https://addons.mozilla.org/en-US/firefox/addon/966 Tamper Data]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.immunitysec.com/resources-freesoftware.shtml SPIKE Proxy]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/suru/ Suru Web Proxy]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.charlesproxy.com/ Charles]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://www.bindshell.net/tools/odysseus Odysseus]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://jscmd.rubyforge.org/ JS Commander]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://code.google.com/p/ratproxy/ ratproxy]}} | ||
|} | |} | ||
*'''Sniffers''' | *'''Sniffers''' | ||
| + | |||
| + | === Encoders / Decoders === | ||
| + | *'''CAPTCHA Decoders''' | ||
| + | |||
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info || tool_name = [http://caca.zoy.org/wiki/PWNtcha PWNtcha]}} | ||
| + | {{OWASP Tool Info || tool_name = [http://churchturing.org/captcha-dist/ The Captcha Breaker]}} | ||
| + | |} | ||
| + | |||
| + | === Web Testing Frameworks === | ||
| + | |||
| + | {{:Template:OWASP Tool Headings}} | ||
| + | {{OWASP Tool Info | tool_name = [http://w3af.sourceforge.net/ w3af] | ||
| + | | tool_owner = Andres Riancho and w3af team | ||
| + | | tool_licence = GPLv2 | ||
| + | | tool_platforms = Windows, Linux | ||
| + | }} | ||
| + | {{OWASP Tool Info | tool_name = [http://www.websecurify.com Websecurify] | ||
| + | | tool_owner = GNUCITIZEN / Websecurify | ||
| + | | tool_licence = GPLv2 | ||
| + | | tool_platforms = Windows, Mac OS, Linux | ||
| + | }} | ||
| + | {{OWASP Tool Info | tool_name = [http://www.zerodayscan.com/ ZeroDayScan] | ||
| + | | tool_owner = | ||
| + | | tool_licence = Free | ||
| + | | tool_platforms = Online, Cloud | ||
| + | }} | ||
Latest revision as of 20:42, 14 June 2016
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
- 1 Penetration Testing Tools
- 1.1 Information Gathering Tools
- 1.2 Configuration Management Testing Tools
- 1.3 Authentication Testing Tools
- 1.4 Session Management Testing Tools
- 1.5 Authorization Testing Tools
- 1.6 Data Validation Testing Tools
- 1.7 Denial of Service Testing Tools
- 1.8 Web Services Testing Tools
- 1.9 Ajax Testing Tools
- 1.10 HTTP Traffic Monitoring
- 1.11 Encoders / Decoders
- 1.12 Web Testing Frameworks
Penetration Testing Tools
Information Gathering Tools
- Fingerprinting
| Name | Owner | Licence | Platforms |
| httprint | NetSquare Inc | no cost for personal, educational and non-commercial use. | Win, Lin, Mac, FreeBSD |
| httprecon | Marc Ruef | GPL | Win |
| Netcraft | Netcraft Inc | N/A | WebBased |
| WebRecon | Aung Khant | GPL | WebBased |
Configuration Management Testing Tools
- SSL Testing
| Name | Owner | Licence | Platforms |
| OpenSSL | OpenSSL Software Foundation | Apache-style license | Win, Lin, Mac, FreeBSD |
| SSL Digger | Intel Corporation | McAfee Software royalty-Free License | Win, Windows .NET Framework |
- DB Listener Testing
| Name | Owner | Licence | Platforms |
| TNS Listener | |||
| Toad | Dell Inc. |
Authentication Testing Tools
- Password Brute Force Testing
| Name | Owner | Licence | Platforms |
| Burp Intruder | |||
| Brutus | |||
| Cain & Abel | oxid | Freeware | Windows |
| John the Ripper | |||
| Ophcrack | |||
| THC Hydra | The Hacker's Choise | Lin |
Session Management Testing Tools
| Name | Owner | Licence | Platforms |
| CookieDigger |
Authorization Testing Tools
Data Validation Testing Tools
- Fuzzers
- SQL Injection Testing
- XSS Testing
- Buffer Overflow Testing
| Name | Owner | Licence | Platforms |
| Skipfish | N/A | Apache | Linux |
| w3af | NA | GPL v2 | Python required (cross platform) |
Denial of Service Testing Tools
Web Services Testing Tools
Ajax Testing Tools
HTTP Traffic Monitoring
- Web Proxies
| Name | Owner | Licence | Platforms |
| Burp Suite | |||
| Paros Proxy | |||
| Webscarab | |||
| TamperIE | |||
| Tamper Data | |||
| SPIKE Proxy | |||
| Suru Web Proxy | |||
| Charles | |||
| Odysseus | |||
| JS Commander | |||
| ratproxy |
- Sniffers
Encoders / Decoders
- CAPTCHA Decoders
| Name | Owner | Licence | Platforms |
| PWNtcha | |||
| The Captcha Breaker |
Web Testing Frameworks
| Name | Owner | Licence | Platforms |
| w3af | Andres Riancho and w3af team | GPLv2 | Windows, Linux |
| Websecurify | GNUCITIZEN / Websecurify | GPLv2 | Windows, Mac OS, Linux |
| ZeroDayScan | Free | Online, Cloud |
This category currently contains no pages or media.
