Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Pen Testing .

  • 26-12-2014 5:45pm
    #1
    L.Jenkins
    Moderators, Computer Games Moderators, Technology & Internet Moderators Posts: 19,241 Mod ✭✭✭✭


    I was wondering, what are the best applications to run on a server and pen test against? I have no issue setting up web and sql servers and php on my machine. I was also wondering what are the best tools to use to find vulnerabilities, crack them as a proof of concept then patch any holes?

    At the moment I'm using simple browser extensions in fire fox such as xss me, sql injection me and hackbar to name but a few. I also use wireshark, nmap and kismet for network testing and sniffing.


Comments

  • #2
    Kinet1c
    Closed Accounts Posts: 824 ✭✭✭Kinet1c


    Check out Kali Linux, tools galore


  • #3
    L.Jenkins
    Moderators, Computer Games Moderators, Technology & Internet Moderators Posts: 19,241 Mod ✭✭✭✭L.Jenkins


    Grabbing a copy of the distro now.


  • #4
    harney
    Registered Users Posts: 1,215 ✭✭✭harney


    Using Kali you could save yourself configuring servers and point your self at the following VM's:

    Metasploitable
    http://www.offensive-security.com/metasploit-unleashed/Main_Page

    Web Goat
    https://code.google.com/p/webgoat/

    They are designed vulnerable to test yourself.


  • #5
    Blowfish
    Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    harney wrote: »
    Using Kali you could save yourself configuring servers and point your self at the following VM's:

    Metasploitable
    http://www.offensive-security.com/metasploit-unleashed/Main_Page

    Web Goat
    https://code.google.com/p/webgoat/

    They are designed vulnerable to test yourself.
    there's also vulnhub for a whole load more intentionally vulnerable VM's to play around with.


  • #6
    Stuxnet
    Registered Users, Registered Users 2 Posts: 3,735 ✭✭✭Stuxnet


    +1 for Kali & Metasploitable, lots of YT vids on both.


  • Advertisement
  • #7
    BrianDug
    Registered Users, Registered Users 2 Posts: 163 ✭✭BrianDug


    De-ICE VM's are also worth keeping in mind
    http://hackingdojo.com/pentest-media/


  • #8
    tolosenc
    Registered Users, Registered Users 2 Posts: 6,889 ✭✭✭tolosenc


    You probably want an intercepting proxy for web/app testing. We use Burp Pro in work, but the free version and also ZAP are very good too.


  • #9
    Khannie
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    tolosenc wrote: »
    You probably want an intercepting proxy for web/app testing. We use Burp Pro in work, but the free version and also ZAP are very good too.

    I prefer ZAP myself (but have both). I'm not slagging Burp, just prefer ZAP and analysis that we did with both when running through our acceptance test suite indicated that they were about as good as each other.


  • #10
    syklops
    Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Khannie wrote: »
    I prefer ZAP myself (but have both). I'm not slagging Burp, just prefer ZAP and analysis that we did with both when running through our acceptance test suite indicated that they were about as good as each other.

    I chain Burp and Zap together and sometimes, Zap finds stuff burp didnt.

    Been playing a lot with w3af recently and really like it. It may become my new go-to attack tool. Its written in python so extending it becomes very easy, compared to the other 2 which are Java based.


  • #11
    Khannie
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    syklops wrote: »
    Zap finds stuff burp didnt

    Yeah, I found that too. It's good to have both.


  • Advertisement
Advertisement