Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Application Security
From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Mon, 7 Jul 2008 13:46:52 -0400

I don't know exactly what kind of application you may want to use.

So heres my own tool box list :)
(Note you should consider this a draft)

Have fun

Tools for 
Foot printing
1.      Nmap (Linux) http://nmap.org/download.html
2.      THC Amap (Linux) http://www.thc.org/thc-amap/
3.      OpenSSH
1.      SSH (linux) (built-in)
2.      Putty (windows) http://www.openssh.org/windows.html
4.      Netstumbler http://www.netstumbler.com/
5.      Sysinternal (pstools suite)
6.      P0f (Linux) http://lcamtuf.coredump.cx/p0f.shtml
7.      Firewalk (Linux) http://www.packetfactory.net/projects/firewalk/
8.      ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
9.      whois http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
10.     psloglist
11.     Tor http://www.torproject.org/
12.     Web-harvest (http://web-harvest.sourceforge.net/)
13.     Sam Spade
14.     Maltego

1.      Nessus (Linux) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux) http://www.parosproxy.org/index.shtml
4.      ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux)
6.      MBSA (not too sure I should use this)

1.      Metasploit (Linux) http://www.metasploit.com/
2.      Netcat (Linux) http://netcat.sourceforge.net/
3.      Cain and abel http://www.oxid.it/cain.html
4.      Sysinternal (pstools suite)
5.      Perl, python
6.      Bloodshed c++ http://www.bloodshed.net/devcpp.html

1.      Wireshark http://www.wireshark.org/
2.      Cain and abel http://www.oxid.it/cain.html
3.      Airsnort (Linux) http://airsnort.shmoo.com/
4.      aircrack (Linux)

1.      John the ripper (Linux) http://www.openwall.com/john/
2.      THC Hydra (Linux) http://www.thc.org/thc-hydra/
3.      LC4 (l0phtcrack)
4.      pwdump (the new version fgdump and pwdump7)
5.      Tcpdump (Linux) http://www.tcpdump.org/

1-      Cam studio (for evidence)

Merci / Thanks
Philippe Rivest, CEH
Vérificateur interne en sécurité de l'information
Courriel: Privest () transforce ca
Téléphone: (514) 331-4417

Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est long.
You could print this email, but it does takes a long time to grow trees.

-----Message d'origine-----
De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la
part de GT GERONIMO, Frederick Joseph B.
Envoyé : 7 juillet 2008 05:12
À : pen-test () securityfocus com
Objet : Application Security


I have been reading up on Application Security and Software Security
Testing. I am interested tools you use in detecting any security bugs in
business applications, may it be a web application, a C+ GUI, or what
have you.

Any opinion would be greatly appreciated. Thanks


This e-mail message (including attachments, if any) is intended for the use
of the individual or the entity to whom it is addressed and may contain
information that is privileged, proprietary, confidential and exempt from
disclosure. If you are not the intended recipient, you are notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
the sender and delete this E-mail message immediately.

This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides


This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]