This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:Penetration Testing Tools"

From OWASP
Jump to: navigation, search
(Fixed dead links and added additional information.)
 
(18 intermediate revisions by 7 users not shown)
Line 6: Line 6:
  
 
=== Information Gathering Tools ===
 
=== Information Gathering Tools ===
*Spiders, Robots, and Crawlers
+
*'''Fingerprinting'''
*Search Engine Discovery / Reconnaissance
 
*Fingerprinting
 
  
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info | tool_name = [http://www.net-square.com/httprint.html httprint]
 +
| tool_owner = NetSquare Inc
 +
| tool_licence = no cost for personal, educational and non-commercial use.
 +
| tool_platforms = Win, Lin, Mac, FreeBSD
 +
}}
 +
{{OWASP Tool Info | tool_name = [http://www.computec.ch/projekte/httprecon/ httprecon]
 +
| tool_owner = Marc Ruef
 +
| tool_licence = GPL
 +
| tool_platforms = Win
 +
}}
 +
{{OWASP Tool Info | tool_name = [http://www.netcraft.com Netcraft]| tool_owner = Netcraft Inc
 +
| tool_licence = N/A | tool_platforms = WebBased
 +
}}
 +
{{OWASP Tool Info | tool_name = [http://yehg.net/q WebRecon]| tool_owner = Aung Khant
 +
| tool_licence =GPL | tool_platforms = WebBased
 +
}}
 +
|}
  
 
=== Configuration Management Testing Tools ===
 
=== Configuration Management Testing Tools ===
*SSL Testing
+
*'''SSL Testing'''
  
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info || tool_name = [http://www.openssl.org/ OpenSSL]
 +
| tool_owner = [http://openssl.com/who.html OpenSSL Software Foundation]
 +
| tool_licence = [https://www.openssl.org/source/license.txt Apache-style license]
 +
| tool_platforms = Win, Lin, Mac, FreeBSD
 +
}}
 +
{{OWASP Tool Info || tool_name = [http://www.mcafee.com/us/downloads/free-tools/ssldigger.aspx SSL Digger]
 +
| tool_owner = Intel Corporation
 +
| tool_licence = [http://www.mcafee.com/br/resources/legal/mcafee-software-free-eula.pdf McAfee Software royalty-Free License]
 +
| tool_platforms = Win, Windows .NET Framework
 +
}}
 +
|}
  
=== Business Logic Testing Tools ===
+
*''' DB Listener Testing'''
  
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info || tool_name = [http://www.jammed.com/%7Ejwa/hacks/security/tnscmd/tnscmd-doc.html TNS Listener]}}
 +
{{OWASP Tool Info || tool_name = [http://www.quest.com/toad Toad]
 +
| tool_owner = [https://software.dell.com Dell Inc.]
 +
}}
 +
|}
  
 
=== Authentication Testing Tools ===
 
=== Authentication Testing Tools ===
*Password Brute Force Testing
+
*'''Password Brute Force Testing'''
  
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info || tool_name = [http://portswigger.net/intruder/ Burp Intruder]}}
 +
{{OWASP Tool Info || tool_name = [http://www.hoobie.net/brutus/ Brutus]}}
 +
{{OWASP Tool Info || tool_name = [http://www.oxid.it/cain.html Cain & Abel] | tool_owner = oxid
 +
| tool_licence = Freeware | tool_platforms = Windows}}
 +
{{OWASP Tool Info || tool_name = [http://www.openwall.com/john/ John the Ripper]}}
 +
{{OWASP Tool Info || tool_name = [http://ophcrack.sourceforge.net/ Ophcrack]}}
 +
{{OWASP Tool Info || tool_name = [http://www.thc.org/thc-hydra/ THC Hydra] | tool_owner= The Hacker's Choise | tool_platforms = Lin}}
 +
|}
  
=== Authorization Testing Tools ===
+
 
 +
=== Session Management Testing Tools ===
 +
 
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info || tool_name = [http://www.foundstone.com/us/resources/proddesc/cookiedigger.htm CookieDigger]}}
 +
|}
  
  
=== Session Management Testing Tools ===
+
=== Authorization Testing Tools ===
  
  
 
=== Data Validation Testing Tools ===
 
=== Data Validation Testing Tools ===
*Fuzzers
+
*'''Fuzzers'''
*SQL Injection Testing
+
*'''SQL Injection Testing'''
*XSS Testing
+
*'''XSS Testing'''
*Buffer Overflow Testing
+
*'''Buffer Overflow Testing'''
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info | tool_name = [http://code.google.com/p/skipfish/ Skipfish]
 +
| tool_owner = N/A
 +
| tool_licence = Apache
 +
| tool_platforms = Linux
 +
}}
 +
{{OWASP Tool Info || tool_name = [http://w3af.sourceforge.net/ w3af] | tool_owner = NA
 +
| tool_licence = GPL v2 | tool_platforms = Python required (cross platform)
 +
}}
 +
|}
  
  
Line 45: Line 103:
  
 
=== HTTP Traffic Monitoring ===
 
=== HTTP Traffic Monitoring ===
*Web Proxies
+
*'''Web Proxies'''
*Sniffers
+
 
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info || tool_name = [http://portswigger.net/proxy/ Burp Suite]}}
 +
{{OWASP Tool Info || tool_name = [http://www.parosproxy.org/download.shtml Paros Proxy]}}
 +
{{OWASP Tool Info || tool_name = [[OWASP_WebScarab_Project|Webscarab]]}}
 +
{{OWASP Tool Info || tool_name = [http://www.bayden.com/TamperIE/ TamperIE]}}
 +
{{OWASP Tool Info || tool_name = [https://addons.mozilla.org/en-US/firefox/addon/966 Tamper Data]}}
 +
{{OWASP Tool Info || tool_name = [http://www.immunitysec.com/resources-freesoftware.shtml SPIKE Proxy]}}
 +
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/suru/ Suru Web Proxy]}}
 +
{{OWASP Tool Info || tool_name = [http://www.charlesproxy.com/ Charles]}}
 +
{{OWASP Tool Info || tool_name = [http://www.bindshell.net/tools/odysseus Odysseus]}}
 +
{{OWASP Tool Info || tool_name = [http://jscmd.rubyforge.org/ JS Commander]}}
 +
{{OWASP Tool Info || tool_name = [http://code.google.com/p/ratproxy/ ratproxy]}}
 +
|}
 +
 
 +
*'''Sniffers'''
 +
 
 +
=== Encoders / Decoders ===
 +
*'''CAPTCHA Decoders'''
 +
 
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info || tool_name = [http://caca.zoy.org/wiki/PWNtcha PWNtcha]}}
 +
{{OWASP Tool Info || tool_name = [http://churchturing.org/captcha-dist/ The Captcha Breaker]}}
 +
|}
 +
 
 +
=== Web Testing Frameworks ===
 +
 
 +
{{:Template:OWASP Tool Headings}}
 +
{{OWASP Tool Info | tool_name = [http://w3af.sourceforge.net/ w3af]
 +
| tool_owner = Andres Riancho and w3af team
 +
| tool_licence = GPLv2
 +
| tool_platforms = Windows, Linux
 +
}}
 +
{{OWASP Tool Info | tool_name = [http://www.websecurify.com Websecurify]
 +
| tool_owner = GNUCITIZEN / Websecurify
 +
| tool_licence = GPLv2
 +
| tool_platforms = Windows, Mac OS, Linux
 +
}}
 +
{{OWASP Tool Info | tool_name = [http://www.zerodayscan.com/ ZeroDayScan]
 +
| tool_owner =
 +
| tool_licence = Free
 +
| tool_platforms = Online, Cloud
 +
}}

Latest revision as of 20:42, 14 June 2016

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

Penetration Testing Tools

Information Gathering Tools

  • Fingerprinting
Name Owner Licence Platforms
httprint NetSquare Inc no cost for personal, educational and non-commercial use. Win, Lin, Mac, FreeBSD
httprecon Marc Ruef GPL Win
Netcraft Netcraft Inc N/A WebBased
WebRecon Aung Khant GPL WebBased

Configuration Management Testing Tools

  • SSL Testing
Name Owner Licence Platforms
OpenSSL OpenSSL Software Foundation Apache-style license Win, Lin, Mac, FreeBSD
SSL Digger Intel Corporation McAfee Software royalty-Free License Win, Windows .NET Framework
  • DB Listener Testing
Name Owner Licence Platforms
TNS Listener
Toad Dell Inc.

Authentication Testing Tools

  • Password Brute Force Testing
Name Owner Licence Platforms
Burp Intruder
Brutus
Cain & Abel oxid Freeware Windows
John the Ripper
Ophcrack
THC Hydra The Hacker's Choise Lin


Session Management Testing Tools

Name Owner Licence Platforms
CookieDigger


Authorization Testing Tools

Data Validation Testing Tools

  • Fuzzers
  • SQL Injection Testing
  • XSS Testing
  • Buffer Overflow Testing
Name Owner Licence Platforms
Skipfish N/A Apache Linux
w3af NA GPL v2 Python required (cross platform)


Denial of Service Testing Tools

Web Services Testing Tools

Ajax Testing Tools

HTTP Traffic Monitoring

  • Web Proxies
Name Owner Licence Platforms
Burp Suite
Paros Proxy
Webscarab
TamperIE
Tamper Data
SPIKE Proxy
Suru Web Proxy
Charles
Odysseus
JS Commander
ratproxy
  • Sniffers

Encoders / Decoders

  • CAPTCHA Decoders
Name Owner Licence Platforms
PWNtcha
The Captcha Breaker

Web Testing Frameworks

Name Owner Licence Platforms
w3af Andres Riancho and w3af team GPLv2 Windows, Linux
Websecurify GNUCITIZEN / Websecurify GPLv2 Windows, Mac OS, Linux
ZeroDayScan Free Online, Cloud

This category currently contains no pages or media.