A tool for User Agent WAF, IDS/IPS, and Redirection testing.UA-tester is a tool to check whether a website provides different pages for different user agents like for mobile, desktop bots etc. Well, this tool also delivers a lot of information. It is basically a python script which runs through various user-agents on a specified site. It also tries various options like setting cookie, redirection, URL-stability(whether the URL expires or not) and a lot more.
Effective Web Discovery & Web Vulnerability Analysis tool.Whatweb is the perfect name for this tool. Simply it answers the question, “What is that Website?” Whatweb can identify all sorts of information about a live website, like:
Type of Script
IP address, Country
900+ Plugins & their libraries used
Server Headers, Cookies and a lot more.
Whatweb offers both passive scanning and aggressive testing. Passive scanning, just extracts data from http headers simulating a normal visit. Aggressive options get more deeper with recursion & various types of queries & identifies all technologies just like a vulnerability scanner. So a pentester can use this tool as both a recon tool & vulnerability scanner. There are a various other features like proxy support, scan tuning, scanning a range of IPs, spidering etc.
Nmap – Network Mapper
Network Mapper is an open source and a very versatile tool for Linux system/network administrators. Nmap is used for exploring networks, perform security scans, network audit and finding open ports on remote machine. It scans for Live hosts, Operating systems, packet filters and open ports running on remote hosts.
Lynis -Vulnerability Analysis
Lynis is a security tool for audit and hardening Linux / Unix systems.Lynis is a security tool for audit and hardening Linux / Unix systems.
OWASP-ZAP – Web Application Analysis
Quick and Easy Website Vulnerability Scans with OWASP-ZAPOWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.
Metasploit Framework – Exploitation Tools
“Gather publicly available email-ids from search engines.”Metasploit is a framework of exploits, shellcodes, fuzzing tools, payloads,encoders etc. More over we can regard it as a collection of exploitation tools bundled into a single framework. It is avaliable in all major Linux, Windows, OS X platforms. It’s main objective is to test your/company’s/organization’s defences by attacking them. Something like “Offense for Defense”. This is actually where a penetration tester/Security Analyst begins attacking the victim after a huge recon. Metasploit has a wide range of tools & utilities to perform attacks agianst all operating systems including Android & iOS.