I don't know exactly what kind of application you may want to use.
So here's my own tool box list :)
(Note you should consider this a draft)
Have fun
Tools for
Foot printing
1. Nmap (Linux) http://nmap.org/download.html
2. THC Amap (Linux) http://www.thc.org/thc-amap/
3. OpenSSH
   1. SSH (linux) (built-in)
   2. Putty (windows) http://www.openssh.org/windows.html
4. Netstumbler http://www.netstumbler.com/
5. Sysinternal (pstools suite)
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
6. P0f (Linux) http://lcamtuf.coredump.cx/p0f.shtml
7. Firewalk (Linux) http://www.packetfactory.net/projects/firewalk/
8. ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
9. whois http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
10. psloglist
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
11. Tor http://www.torproject.org/
12. Web-harvest (http://web-harvest.sourceforge.net/)
13. Sam Spade
http://64.233.167.104/search?q=cache:UXhTem4ujdUJ:www.softpedia.com/get/Network-Tools/Network-Tools-Suites/Sam-Spade.shtml+sam+spade&hl=fr&ct=clnk&cd=19&gl=ca
14. Maltego
Vulnerability
1. Nessus (Linux) http://www.nessus.org/nessus/
2. Nikto (Linux) http://www.cirt.net/nikto2
3. Paros proxy (Linux) http://www.parosproxy.org/index.shtml
4. ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5. SARA (Security Auditor's Research Assistant) (Linux)
http://www-arc.com/sara/
6. MBSA (not too sure I should use this)
http://technet.microsoft.com/en-us/security/cc184923.aspx
Exploit
1. Metasploit (Linux) http://www.metasploit.com/
2. Netcat (Linux) http://netcat.sourceforge.net/
3. Cain and abel http://www.oxid.it/cain.html
4. Sysinternal (pstools suite)
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
5. Perl, python
6. Bloodshed c++ http://www.bloodshed.net/devcpp.html
Sniffing
1. Wireshark http://www.wireshark.org/
2. Cain and abel http://www.oxid.it/cain.html
3. Airsnort (Linux) http://airsnort.shmoo.com/
4. aircrack (Linux)
Cracker
1. John the ripper (Linux) http://www.openwall.com/john/
2. THC Hydra (Linux) http://www.thc.org/thc-hydra/
3. LC4 (l0phtcrack)
4. pwdump (the new version fgdump and pwdump7)
5. Tcpdump (Linux) http://www.tcpdump.org/
Other
1. Cam studio (for evidence)
Thanks
Philippe Rivest, CEH
Internal Information Security Auditor
Email: Privest_at_transforce.ca
Telephone: (514) 331-4417
www.transforce.ca
You could print this email, but it does take a long time to grow trees.
-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On Behalf Of GT GERONIMO, Frederick Joseph B.
Sent: July 7, 2008 05:12
To: pen-test_at_securityfocus.com
Subject: Application Security
Hello,
I have been reading up on Application Security and Software Security
Testing. I am interested in the tools you use in detecting any security bugs in
business applications, may it be a web application, a C+ GUI, or what
have you.
Any opinion would be greatly appreciated. Thanks
Fred
Received on Jul 07 2008