rss
twitter
  •  

Online Penetration Testing Tools

| Posted in Security Articles |

5

I saw this post on eLearnSecurity and decided to share. I will be updating as time goes on.

Information gathering:
(multi) http://www.subnetonline.com/
(multi) http://ping.eu/
(multi) http://serversniff.net/
(multi)http://www.yougetsignal.com/
(dig/nslookup,whois,traceroute) http://networking.ringofsaturn.com/Tools/
(whois,dns_tools,service_scan,traceroute) http://centralops.ne…http://centralops.ne…http://centralops.net/co/DomainDossier.aspx
(whois,dns_tools,domain_search) http://www.whois.ws/
(whois,dns_tools) http://www.robtex.com/
(whois) http://www.ripn.net:8080/nic/whois
(domain_search) http://searchdns.netcraft.com/
(iplookup,BGP AS lookup)http://bgp.he.net/
(ASN search) http://fixedorbit.com/search.htm
(dns,whois, network lookup, …) www.network-tools.com

Exploit Search:
(google engine)http://exploitsearch.com/
(nvd,osvdb,metasploit,…)http://www.exploitsearch.net/
(engine) http://shodan.surtri.com/
http://www.hack0wn.com/advisories.php
http://www.1337day.com/
http://www.exploit-db.com/
http://securityvulns.com/
http://www.zerodayin…http://www.zerodayinitiative.com/advisories/published/
http://seclists.org/fulldisclosure/
https://web.nvd.nist…https://web.nvd.nist.gov/view/vuln/search?cid=3
https://www.us-cert….https://www.us-cert.gov/cas/techalerts/
http://www.cvedetails.com/
http://routerpwn.com/

Scanning networks,web structures,..
(nmap,openvas,sqlix,sqlmap,nikto,sub_domain) http://hackertarget….http://hackertarget.com/free-security-vulnerability-scans/
(nmap,traceroute,whois) http://hackerfantastic.com/
(structure) http://madnet.name/tools/madss/
(SQLi,XSS,..)http://hackvertor.co.uk/public
(structure) http://sucuri.net/index.php?page=scan
(Drupal Vulnerability Scanner) http://raz0r.name/drupalscan/
(Joomla scanner) https://www.joomlascan.com/
(Cross Site Scripting Scanner) http://xss-scanner.com/
(SQLi) http://www.be007.gig…http://www.be007.gigfa.com/scanner/scanner.php
(SQLi) http://scanner.drie88.tk/
(SQLi) http://www.localvn.b…http://www.localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan/
(SQLi) http://wolfscps.com/gscanner.php

Hack tools store: http://hackarmoury.com/tools

  XSS Guide:
http://www.owasp.org…http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
http://www.businessi…http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php
http://www.googlebig…http://www.googlebig.com/forum/xss-cheats-t-18771.html
http://ha.ckers.org/xss.html
http://utf-8.jp/public/jjencode.html
http://0x416d73.name/jstb/

SQL Injection Guide
http://ha.ckers.org/sqlinjection/
http://pentestmonkey.net/cheat-sheets/
http://ferruh.mavitu…http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

netcat cheat sheet: http://www.sans.org/…http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
hping3 cheatsheet: http://sbdtools.goog…http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
Nmap5: http://sbdtools.goog…http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
Metasplot meterpreter: http://rmccurdy.com/…http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html

Browser test:
http://www.browserscope.org/

Encode/Decode:
http://www.crypo.com/
http://coderstoolbox.net/string/
http://ostermiller.o…http://ostermiller.org/calc/encode.html
http://www.showmycode.com/
http://home2.paulsch…http://home2.paulschou.net/tools/xlate/
http://passwordforen…http://passwordforensics.com/online-tools.php

Shellcode to exe:
http://tools88.com/s…http://tools88.com/safe/shellcode_2_exe.php
http://freechina.org…http://freechina.org.ru/shellcode_2_exe.php
http://sandsprite.co…http://sandsprite.com/shellcode_2_exe.php

Wordlists:
http://contest-2010….http://contest-2010.korelogic.com/wordlists.html
http://packetstormse…http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecu…http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.ericheitz…http://www.ericheitzman.com/passwd/passwords/

Hashcrack:
(lm,ntlm,md5,mysql/3/4) http://hashcrack.com/
(md5,sha1) http://md5.rednoize.com/
(md5,sha1) http://isc.sans.org/…http://isc.sans.org/…http://isc.sans.org/tools/reversehash.html
(md5) http://www.tmto.org/…http://www.tmto.org/pages/passwordtools/hashcracker/
(md5,lm) http://www.c0llision.net/webcrack.php
(md5) http://md5cracker.tk/
(md5) http://www.hashchecker.de/
(md5) http://askcheck.com/
(md5) http://www.kinginfet.net/md5_cracker/
(lm) http://lmcrack.com/
(lm) http://cracker.offensive-security.com/
(md5) http://gdataonline.com/seekhash.php
(md5) http://opencrack.hashkiller.com/
(md5) http://cracker.fox21.at/
(md5) http://md5crack.com/
(md5) http://md5decryption.com/
(md5) http://authsecu.com/…http://authsecu.com/decrypter-dechiffrer-cracker-hash-md5/decrypter-dechiffrer-cracker-hash-md5.php
(md5) http://hash.insidepro.com/
(md5) http://md5decrypter.com/
(md5) http://md5pass.info/
(md5) http://crackfor.me/
(md5) http://www.xmd5.org/
(md5) http://socialware.ru/md5_crack.php
(md5) http://md5.my-addr.c…http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php
(md5) http://www.md5cracker.com/
(md5) http://www.md5decrypter.co.uk/
(md5) http://md5.noisette.ch/
(md5) http://md5.igrkio.in…http://md5.igrkio.info/md5-hash-database.html
(md5) http://www.hashhack.com
(WebSphere) http://www.sysman.nl/wasdecoder/
(SHA1/MD5 hash cracker on ATI and NVIDIA GPUs) http://www.golubev.com/hashgpu.htm
(Default Password List) http://www.phenoelit…http://www.phenoelit-us.org/dpl/dpl.html

Analysis Malware:
(AV) http://www.virustotal.com/
(AV) http://www.virscan.org/
(AV) http://virusscan.jotti.org/
(analysis system)http://mwanalysis.or…http://mwanalysis.org/?site=1&page=submit
(behavior analysis) http://anubis.iseclab.org/
http://www.netscty.com/malware-tool
(behavior analysis) http://mwanalysis.or…http://mwanalysis.org/?site=1&page=submit
(javascript,flash) http://wepawet.cs.ucsb.edu/

Google Pentest BookmarksList : https://code.google….https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList