Penetration Testing mailing list archives

RE: Application Security

From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Mon, 7 Jul 2008 13:46:52 -0400
I don't know exactly what kind of application you may want to use.

So heres my own tool box list :)
(Note you should consider this a draft)

Have fun


Tools for 
Foot printing
1.      Nmap (Linux) http://nmap.org/download.html
2.      THC Amap (Linux) http://www.thc.org/thc-amap/
3.      OpenSSH
1.      SSH (linux) (built-in)
2.      Putty (windows) http://www.openssh.org/windows.html
4.      Netstumbler http://www.netstumbler.com/
5.      Sysinternal (pstools suite)
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
6.      P0f (Linux) http://lcamtuf.coredump.cx/p0f.shtml
7.      Firewalk (Linux) http://www.packetfactory.net/projects/firewalk/
8.      ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
9.      whois http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
10.     psloglist
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
11.     Tor http://www.torproject.org/
12.     Web-harvest (http://web-harvest.sourceforge.net/)
13.     Sam Spade
http://64.233.167.104/search?q=cache:UXhTem4ujdUJ:www.softpedia.com/get/Netwo
rk-Tools/Network-Tools-Suites/Sam-Spade.shtml+sam+spade&hl=fr&ct=clnk&cd=19&g
l=ca
14.     Maltego


Vulnerability
1.      Nessus (Linux) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux) http://www.parosproxy.org/index.shtml
4.      ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux)
http://www-arc.com/sara/
6.      MBSA (not too sure I should use this)
http://technet.microsoft.com/en-us/security/cc184923.aspx


Exploit
1.      Metasploit (Linux) http://www.metasploit.com/
2.      Netcat (Linux) http://netcat.sourceforge.net/
3.      Cain and abel http://www.oxid.it/cain.html
4.      Sysinternal (pstools suite)
http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
5.      Perl, python
6.      Bloodshed c++ http://www.bloodshed.net/devcpp.html

Sniffing
1.      Wireshark http://www.wireshark.org/
2.      Cain and abel http://www.oxid.it/cain.html
3.      Airsnort (Linux) http://airsnort.shmoo.com/
4.      aircrack (Linux)

Cracker
1.      John the ripper (Linux) http://www.openwall.com/john/
2.      THC Hydra (Linux) http://www.thc.org/thc-hydra/
3.      LC4 (l0phtcrack)
4.      pwdump (the new version fgdump and pwdump7)
5.      Tcpdump (Linux) http://www.tcpdump.org/

Other
1-      Cam studio (for evidence)


Merci / Thanks
Philippe Rivest, CEH
Vérificateur interne en sécurité de l'information
Courriel: Privest () transforce ca
Téléphone: (514) 331-4417
www.transforce.ca

Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est long.
You could print this email, but it does takes a long time to grow trees.
 

-----Message d'origine-----
De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la
part de GT GERONIMO, Frederick Joseph B.
Envoyé : 7 juillet 2008 05:12
À : pen-test () securityfocus com
Objet : Application Security

Hello,

I have been reading up on Application Security and Software Security
Testing. I am interested tools you use in detecting any security bugs in
business applications, may it be a web application, a C+ GUI, or what
have you.

Any opinion would be greatly appreciated. Thanks


Fred

This e-mail message (including attachments, if any) is intended for the use
of the individual or the entity to whom it is addressed and may contain
information that is privileged, proprietary, confidential and exempt from
disclosure. If you are not the intended recipient, you are notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
the sender and delete this E-mail message immediately.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Current thread:

Application Security GT GERONIMO, Frederick Joseph B. (Jul 07)
- Re: Application Security kevin horvath (Jul 07)
- RE: Application Security Rivest, Philippe (Jul 07)
  - Re: Application Security Meenal Mukadam (Jul 08)
- <Possible follow-ups>
- Re: Application Security abhishek . luck (Jul 08)