In my previous tutorial, I was explaining Penetration Testing Tools.
So here we continue...
6. Cain & Abel :
Cain and Abel is one of the best tools commonly used to poison the
network.
If cracking encrypted passwords or network keys is what you need, then
Cain & Abel is the tool for you. It uses network sniffing, Dictionary,
Brute-Force and Cryptanalysis attacks, cache uncovering and routing
protocol analysis methods to achieve this.
Features :
Brute Force Attack
Dictionary attack
Cryptanalysis attack
recording VoIP conversations
sniffing the network
decoding scrambled passwords
recovering wireless network keys
revealing password boxes
uncovering cached passwords
analyzing routing protocols
Cain and Abel was developed mainly to help security professionals and
network admins. The new version of Cain & Abel supports
APR (ARP Poison Routing) attacks.
7. Acunetix:
Acunetix is essentially a web vulnerability scanner targeted at web
applications. It provides SQL injection, cross site scripting testing,
PCI compliance reports etc. along with identifying a multitude of
vulnerabilities.
Hacking is on the rise and the number of victims is increasing every
day. See how firewalls, SSL and locked-down servers can't stop your
web applications and websites from being hacked but how Acunetix
protects them with:
AcuSensor Technology
Industry's most advanced and in-depth SQL injection and Cross site
scripting testing
Full HTML5 Support with Acunetix DeepScan Technology
Comprehensive scanning of Single Page Applications and JavaScript-
based websites
Mobile Website Support
Detection of Blind XSS vulnerabilities with AcuMonitor service
Automated detection of DOM-based XSS vulnerabilities
Advanced penetration testing tools, such as the HTTP Editor and the
HTTP Fuzzer
Extensive reporting facilities including PCI compliance reports
Multi-threaded and lightning fast scanner crawls hundreds of
thousands of pages with ease.
8. John The Ripper :
This is the most powerful password cracker tool.
This tool works in most environments, although it is primarily
for UNIX systems. It is considered one of the fastest tools in this
genre. Password hash code and strength-checking code are also made
available to be integrated into your own software/code.
Attack types:
One of the modes John can use is the dictionary attack. It takes text
string samples (usually from a file, called a wordlist, containing
words found in a dictionary or real passwords cracked before),
encrypts each one in the same format as the password being examined
(including both the encryption algorithm and key), and compares the
output to the encrypted string. It can also perform a variety of
alterations to the dictionary words and try these. Many of these
alterations are also used in John's single attack mode, which modifies
an associated plaintext (such as a username with an encrypted password)
and checks the variations against the hashes.
John also offers a brute force mode. In this type of attack, the
program goes through all the possible plaintexts, hashing each one and
then comparing it to the input hash. John uses character frequency
tables to try plaintexts containing more frequently used characters
first. This method is useful for cracking passwords which do not
appear in dictionary wordlists, but it does take a long time to run.
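The three modes described above can be turned around into a password-acceptance check. The following is an added example, not code from the original post or from John the Ripper: it undoes the common alterations to see whether a proposed password reduces to a wordlist entry or to the username, and estimates the search space a brute force run would face. The wordlist, substitution table, function names and the 60-bit threshold are constructed assumptions.

```python
import math
import re

# Constructed sample data: a tiny wordlist and a common substitution table.
WORDLIST = {"password", "dragon", "letmein", "summer", "welcome"}
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def base_forms(password):
    """Undo the usual alterations to recover candidate dictionary roots."""
    p = password.lower()
    # Strip digits/punctuation added to either end, e.g. "Summer2024!".
    forms = {p, re.sub(r"^[\W\d_]+|[\W\d_]+$", "", p)}
    # Undo character substitutions, e.g. "p@ssw0rd" -> "password".
    forms |= {f.translate(LEET) for f in forms}
    # Undo reversal, e.g. "nogard" -> "dragon".
    forms |= {f[::-1] for f in forms}
    return {f for f in forms if f}

def brute_force_bits(password):
    """Estimate log2 of the search space an exhaustive attack must cover."""
    size = 0  # sum of the printable-ASCII character classes actually used
    for pattern, count in ((r"[a-z]", 26), (r"[A-Z]", 26),
                           (r"\d", 10), (r"[^a-zA-Z\d]", 33)):
        if re.search(pattern, password):
            size += count
    return len(password) * math.log2(size) if size else 0.0

def audit(username, password, wordlist=WORDLIST, min_bits=60):
    """Return the reasons a password should be rejected (empty list = accept)."""
    reasons = []
    forms = base_forms(password)
    # Dictionary mode: the password is a wordlist entry after de-mangling.
    if forms & wordlist:
        reasons.append("dictionary word with simple alterations")
    # Single mode: the password is built from the account's own username.
    user = username.lower()
    if user and any(user in f for f in forms):
        reasons.append("derived from the username")
    # Brute force mode: min_bits is an assumed policy threshold.
    if brute_force_bits(password) < min_bits:
        reasons.append("search space too small for brute force resistance")
    return reasons
```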
9. W3AF :
w3af (short for web application attack and audit framework) is an
open-source web application security scanner. The project provides a
vulnerability scanner and exploitation tool for Web applications.
It provides information about security vulnerabilities and aids in
penetration testing efforts.
Some of the features are:
fast HTTP requests,
integration of web and proxy servers into the code,
injecting payloads into various kinds of HTTP requests etc.
10. Netsparker:
Netsparker comes with a robust web application scanner that will
identify vulnerabilities, suggest remedial action etc. This tool can
also help exploit SQL injection and LFI (local file inclusion). It has
a command-line and GUI interface. It works only on Microsoft Windows.