Showing posts with label PENETRATION TESTING. Show all posts
Showing posts with label PENETRATION TESTING. Show all posts

Thursday, 6 June 2013

CAT BETA 4.0 PENTESTING TOOL

CAT BETA 4.0 PENTESTING TOOL



CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.


Read more »
Posted by at No comments:
Labels:

Tuesday, 4 June 2013

PENETRATION TESTING FULL TUITORIAL+KIT DOWNLOAD

INGUMA PENETRATION TESTING AND VULNERABILITY RESEARCH TOOLKIT



This documents aims to provide a fast introduction to Inguma PyGtk GUI and guide new users on the initial fast steps to perform a basic test agains one target. It will not be a complete guide of all Inguma's features.
First we need to run ginguma.py as root or administrator user so all modules could be launched.
user@laptop:~/Inguma$ sudo ./ginguma.py
[sudo] password for user:
Checking:
        GTK UI dependencies...  OK
WARNING: No route found for IPv6 destination :: (no default route?)
        Scapy...                OK
        Network conectivity...  OK
        GtkSourceView2...       OK
        VTE Terminal...         OK
        /usr/bin/nmap...        OK
        /pentest/web/w3af/w3af_console...       OK
Starting Inguma, running on:
  Python version:
    2.6.4 (r264:75706, Dec  7 2009, 18:45:15)
    [GCC 4.4.1]
  GTK version: 2.18.3
  PyGTK version: 2.16.0
Once the aplication finishes loading there are two main paths to follow in order to start working:
Manually launch the desired modules one by one: discovers->ipaddr, dicovers-> tcptrace, etc...
Use the “Add Target” button so the first non intrusive probes will be done automatically.
We will use the second one. So press the “Add Target” button and a new dialog will appear. Select “domain”, fill the text input with the name of your target like “testphp.acunetix.com”, don't select “Use Nmap” as we want to use Inguma's own modules, and press “Accept”.



For each of the modules launched a new "output dialog" will apperar containing the module output, also at the bottom of the application, the“Actions” tab will have a new entry for each executed module.




Once all modules finish to execute, some new data will be added in the two main information areas of the GUI: the map and the data tree.
On the tree a new node will appear for the new target containing all the information gathered. If you want to see all it at the same time, press the button “Show Log” at the top toolbar to hide the log window.
The main window is dominated by the network map, press the button “Show KB” to hide also the side pannel and give more space to the map. Actually the map shows network trace to the target and we can have it also clustered by ASN information if we right-click on a blank part of the map and press “Get ASN” option:




Read more »
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)