SOFTWARE SECURITY TESTING TOOLS
Metasploit Project
A computer security project that provides information
about security vulnerabilities and
aids in penetration testing and IDS signature development.
Its best-known sub-project is the open-source Metasploit
Framework, a tool for developing and executing exploit code
against a remote target machine. Other important sub-projects include the
Opcode Database, shellcode archive and related
research.
The Metasploit Project includes anti-forensic and evasion
tools, some of which are built into the Metasploit Framework. Metasploit is
pre-installed in the Kali Linux operating system.
Netsparker
A web application security
scanner, with support for both detection and exploitation of vulnerabilities.
It aims to be false positive–free by only reporting confirmed vulnerabilities
after successfully exploiting or otherwise testing them
Netsparker
is an easy to use and fully automated web application security scanner that
uses the advanced Proof-Based Scanning technology to identify SQL
Injection, Cross-site Scripting (XSS) and thousands of other vulnerabilities in
web applications, web services and web APIs. The Netsparker web vulnerability
scanner also has built-in security testing tools, reports generator, and can be
easily integrated in your SDLC, DevOps and other environment.
·
Netsparker’s Exclusive Proof-Based Scanning
Technology allows you to allocate more time to fix the reported flaws.
·
Netparker’s Website Vulnerability
Scanner finds more vulnerabilities.
·
Netsparker allows you to automate more.
Nmap (Network
Mapper)
A free and open-source network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). Nmap is used to
discover hosts and services on a computer network by sending packets and analyzing the responses.
Nmap provides a number of features for probing computer
networks, including host discovery and service and operating system detection. These features are extensible
by scripts that provide
more advanced service detection, vulnerability detection and other features.
Nmap can adapt to network conditions including latency and congestion during a
scan.
Nmap started as a Linux utility
and was ported to other systems including Windows, macOS, and BSD.
Linux is the most popular platform, followed by Windows.
Burp or Burp
Suite
A graphical tool for testing Web application security. The
tool is written in Java and
developed by PortSwigger Web Security. The tool has three editions: a Community
Edition that can be downloaded free of charge, a Professional Edition and an
Enterprise Edition that can be purchased after a trial period. The
Community edition has significantly reduced functionality. It intends to
provide a comprehensive solution for web application security checks. In
addition to basic functionality, such as proxy server, scanner and intruder, the tool also contains
more advanced options such as a spider, a repeater, a decoder, a comparer, an
extender and a sequencer.
The company behind Burp Suite has also developed a mobile
application containing similar tools compatible with iOS 8 and above.
Kali
Linux
A Debian-derived Linux
distribution designed for digital forensics and penetration testing. Kali Linux has a
dedicated project set aside for compatibility and porting to specific Android
devices, called Kali Linux NetHunter.
It supports Wireless 802.11 frame injection, one-click
MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as
Bad USB MITM attacks.
Nessus
Nessus scans cover
a wide range of technologies including operating systems, network devices,
hypervisors, databases, web servers, and critical infrastructure.
The results of the
scan can be reported in various formats, such as plain text, XML, HTML and LaTeX.
The results can also be saved in a knowledge base for debugging. On UNIX,
scanning can be automated through the use of a command-line client. There exist
many different commercial, free and open source tools for both UNIX and Windows
to manage individual or distributed Nessus scanners.
Nessus provides
additional functionality beyond testing for known network vulnerabilities. For
instance, it can use Windows credentials to examine patch levels on computers
running the Windows operating system. Nessus can also support configuration and
compliance audits, SCADA audits, and PCI compliance.
Examples of
vulnerabilities and exposures Nessus can scan for include:
·
Vulnerabilities that could allow unauthorized control or access to
sensitive data on a system.
·
Misconfiguration (e.g. open mail relay, missing patches, etc.).
·
Default passwords, a few
common passwords, and blank/absent passwords on some system accounts.
Nessus can also call Hydra (an external tool) to launch a dictionary attack.
·
Denials of service vulnerabilities
SonarQube
An open-source platform for
continuous inspection of code quality to perform automatic reviews with
static analysis of code to
detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security
vulnerabilities.
SonarQube can
record metrics history and provides evolution graphs. SonarQube provides fully
automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools
(Atlassian Bamboo, Jenkins, Hudson, etc.)
SonarQube includes support
for the programming languages Java (including Android), C#, PHP, JavaScript, TypeScript, C/C++, Ruby, Kotlin, Go, COBOL, PL/SQL, PL/I, ABAP, VB.NET, VB6, Python, RPG, Flex, Objective-C, Swift, CSS, HTML,
and XML. Some of these are only available via a commercial
license.
SonarQube is
available for free under the GNU Lesser General Public
License. An enterprise version for paid licensing also exists, as
well as a data center edition that supports high availability.
SonarQube
integrates with Eclipse, Visual Studio, and IntelliJ IDEA development environments through the SonarLint plug-ins,
and also integrates with external tools like LDAP, Active Directory, GitHub, and others. SonarQube is expandable with the use
of plug-ins.
Wireshark
A free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development,
and education.
Wireshark is cross-platform, using the Qt widget toolkit in
current releases to implement its user interface, and using pcap to
capture packets; it runs on Linux, macOS, BSD, Solaris, some
other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI)
version called TShark. Wireshark, and the other programs distributed with it
such as TShark, are free software, released under the terms of
the GNU General Public License.
Wireshark lets the
user put network interface controllers into promiscuous mode (if supported by the network interface controller),
so they can see all the traffic visible on that interface including unicast
traffic not sent to that network interface controller's MAC address. However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all traffic through the switch is
necessarily sent to the port where the capture is done, so capturing in promiscuous
mode is not necessarily sufficient to see all network traffic. Port mirroring or various network taps extend capture to any point on the network.
Simple passive taps are extremely resistant to tampering.
On GNU/Linux, BSD,
and macOS, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also
put wireless network
interface controllers into monitor mode.
If a remote
machine captures packets and sends the captured packets to a machine running
Wireshark using the TZSP protocol or the protocol used
by OmniPeek, Wireshark dissects those packets, so it can analyze
packets captured on a remote machine at the time that they are captured.
w3af (Web
Application Attack and Audit Framework)
An open-source web application security scanner.
The project provides a vulnerability scanner and
exploitation tool for Web applications. It provides information about security vulnerabilities for
use in penetration
testing engagements. The scanner offers a graphical user interface and
a command-line interface.
w3af is divided
into two main parts, the core and the plug-ins. The
core coordinates the process and provides features that are consumed by the
plug-ins, which find the vulnerabilities and exploit them. The plug-ins are
connected and share information with each other using a knowledge base.
Plug-ins can be
categorized as Discovery, Audit, Grep,
Attack, Output, Mangle, Evasion or Bruteforce.
sqlmap
An open source
software that is used to detect and exploit database vulnerabilities and
provides options for injecting malicious codes into them.
It is a
penetration testing tool that automates the process of detecting and
exploiting SQL injection flaws providing its
user interface in the terminal.
The software is
run at the command line and is available to download for different operating
systems: Linux distributions, Windows and Mac OS operating systems.
In addition to
mapping and detecting vulnerabilities, the software enables access to the
database, editing and deleting data, and viewing data in tables such as users,
passwords, backups, phone numbers, e-mail addresses, credit cards and other
confidential and sensitive information.
sqlmap has full
support for multiple DBMSs, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird and
SAP MaxDB.
And full support
for all injection techniques: Boolean, Error, Stack, Time, Union.
Proxy
Server
A
server that acts as
an intermediary for requests
from clients seeking
resources from other servers. A client connects to the proxy server,
requesting some service, such as a file, connection, web page, or other resource
available from a different server and the proxy server evaluates the request as
a way to simplify and control its complexity. Proxies were invented
to add structure and encapsulation to distributed
systems.
A proxy can keep
the internal network structure of a company secret by using network address translation,
which can help the security of the internal network. This makes
requests from machines and users on the local network anonymous. Proxies can
also be combined with firewalls.
An incorrectly
configured proxy can provide access to a network otherwise isolated from the
Internet.
Example of how the
Proxy Server works:
Many
schools block access to popular websites such as Facebook. Students can use
proxy servers to circumvent this security. However, by connecting to proxy servers,
they might be opening themselves up to danger by passing sensitive information
such as personal photos and passwords through the proxy server. Some content
filters block proxy servers in order to keep users from using them to bypass
the filter.
John the Ripper
A free password cracking software tool. Initially developed for the Unix
operating system, it now runs on fifteen different platforms (eleven of which
are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the
most popular password testing and breaking programs as it combines
a number of password crackers into one package, autodetects password hash types, and
includes a customizable cracker. It can be run against various encrypted password
formats including several crypt password hash
types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows
NT/2000/XP/2003 LM
hash. Additional modules have extended its ability to include MD4-based password
hashes and passwords stored in LDAP, MySQL, and others.
One of the modes
John can use is the dictionary attack. It takes text string samples (usually from
a file, called a wordlist, containing words found in a dictionary or real passwords cracked before), encrypting
it in the same format as the password being examined (including both the
encryption algorithm and key), and comparing the output to the encrypted
string. It can also perform a variety of alterations to the dictionary words
and try these. Many of these alterations are also used in John's single attack
mode, which modifies an associated plaintext (such as a username with an
encrypted password) and checks the variations against the hashes.
John also offers
a brute force mode. In
this type of attack, the program goes through all the possible plaintexts,
hashing each one and then comparing it to the input hash. John uses
character frequency tables to try plaintexts containing more frequently used
characters first. This method is useful for cracking passwords which do not
appear in dictionary wordlists, but it takes a long time to run.
Ettercap
A free
and open source network security tool for man-in-the-middle
attacks on LAN. It can be used
for computer network protocol analysis and security auditing. It runs on
various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of
intercepting traffic on a network segment, capturing passwords, and conducting active
eavesdropping against a number of common protocols. Its original
developers later founded Hacking Team.
Ettercap
works by putting the network interface into promiscuous mode and by ARP poisoning the target
machines. Thereby it can act as a 'man in the middle' and unleash various
attacks on the victims. Ettercap has plugin support so that the features can be
extended by adding new plugins.
Aircrack-ng
A network software
suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool
for 802.11 wireless LANs. It works with any wireless network
interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux, FreeBSD, macOS, OpenBSD, and Windows; the Linux version is packaged for OpenWrt and has also been ported to the Android, Zaurus PDA and Maemo platforms;
and a proof of concept port
has been made to the iPhone.
Security
AppScan
A
family of web security testing and monitoring tools formerly from the Rational Software division of IBM. AppScan is
intended to test Web applications for security vulnerabilities during the
development process, when it is least expensive to fix such problems. The
product learns the behavior of each application, whether an off-the-shelf
application or internally developed, and develops a program intended to test
all of its functions for both common and application-specific vulnerabilities.
No comments:
Post a Comment