Tools used in Application Security & Penetration Testing

In this article I’ll tell you, what tools are typically used in Application Security (in short AppSec) & Penetration Testing (in short PenTest).

1. Foot-printing Tools : SamSpade, NSlookup, dig, whois, Netcraft, ike-scan, ping, tracert / traceroute, HTTPrint,P0f etc.

2. Port Scanning Tools : Nmap, Super Scan.

3. Packet Crafting Tools : Hping 2.

4. Web Application Scanning Tools : Acunetix, HP WebInspect, AppScan, Nikto,wikto, NStaker,Core-impact.

5. Application/Network Vulnerability Scanning Tools : Retina, Nessus, Core-impact, ike-probe, GFI-Languard, IPLocks VA (DataBase), App Detective (for DataBase servers), SARA.

6. OS Finger printing Tools : Nmap, Xprobe2.

7. Password Sniffing Tools : WireShark, Tcpdump, Ettercap, CAIN & Able.

8. Password Cracking Tools : Brutus, John the Ripper, Rainbow table, L0phtCrack, CAIN & Able.

9. Network Enumeration : DumSec, Winfo, nbtscan, SolarWinds, MegaPing.

10. Penetration testing Framework : Metasploit framework, Immunity Canvas.

11. Web-proxy : Paros, WebScarab.

12. Firewall ACL checking tool : Firewalk.

Leave a Reply

Your email address will not be published. Required fields are marked *