Pentest and Vulnerability Scanning – A simple list of useful tools

Posted: May 4, 2013 in Penetration Testing and Vulnerability Scanning

BACKTRACK
BackTrack is a Linux-based penetration testing arsenal that helps security professionals perform assessments in a purely native environment dedicated to hacking.
METASPLOIT
The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
NEXPOSE
Nexpose proactively scans your environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks.
MOBILISAFE
Mobilisafe is a mobile risk management solution that automatically performs a mobile risk assessment of all the devices in your organization and provides easy-to-use tools to eliminate these risks.


ARMITAGE
Armitage is a GUI front-end for the Metasploit Framework developed by Raphael Mudge with the goal of helping security professionals better understand hacking and to help them realize the power of Metasploit.
CORTANA
Cortana is a real-time collaborative hacking tool with bots.
COBALT STRIKE
Cobalt Strike is a collection of threat emulation tools that work with the Metasploit Framework. Cobalt Strike helps you get a foothold in a network and quietly keep it. Cobalt Strike’s post-exploitation tools help you demonstrate what a sophisticated attacker can do. Cobalt Strike also generates professional reports at the end of your engagements.
ACUNETIX
Acunetix Web Vulnerability Scanner Includes Many Innovative Features:
AcuSensor Technology
An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
Industry’s most advanced and in-depth SQL injection and cross-site scripting testing
Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
Visual macro recorder makes testing web forms and password protected areas easy
Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
Extensive reporting facilities including PCI compliance reports
Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
Intelligent crawler detects web server type and application language
Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
Port scans a web server and runs security checks against network services running on the server
AMAP DISCOVERY TOOL
Amap is a great tool for determining what application is listening on a given port.
IBM APPSCAN
IBM Security AppScan software automates application security testing by scanning applications, identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation.
BURP SUITE
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
FOUNDSTONE
McAfee Foundstone guides enterprises on the best ways to protect assets and maximize business goals through maintaining a strong security posture.
IP360
IP360 is the world’s leading vulnerability and risk management system enabling thousands of enterprises and government agencies to cost-effectively measure and manage their security risk.
MICROSOFT BASELINE SECURITY ANALYZER
The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations.
NESSUS
Nessus leverages credentialed and uncredentialed scans; patch, configuration, and mobile device managers; external repositories; website reputation; and global threat intelligence to reduce risk and protect sensitive data.
NETSPARKER
Netsparker can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on.
NMAP
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing.
OPENVAS
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
QUALYS
Mapping & discovery
Network perimeter scans
PCI compliance scanning
Web application security testing
Detection of malware infections and threats
IT security policy creation, scanning & reporting
RETINA
Retina Network Security Scanner identifies the vulnerabilities – missing patches, configuration weaknesses, and industry best practices – to protect an organization’s IT assets. Retina provides cost-effective security risk assessment, as well as enables security best practices, policy enforcement, and regulatory audits.
