Top tools for web pen testing
I am trying to compile a list of the top tools to be familiar with for web testing enumeration.
So far I have burpsuite, dirbuster, net cat, dnsrecon, the harvester and fierce.
What top tools do you use for your enumeration phase?
So far I have burpsuite, dirbuster, net cat, dnsrecon, the harvester and fierce.
What top tools do you use for your enumeration phase?
Comments
-
Kalabaster
Member Posts: 86 ■■□□□□□□□□
nmap, yo
also, doing zone transfers
Too many webapp guys forget that's it's more than just how the web app presents to the users.Certifications: A+, Net+, Sec+, Project+, Linux+/LPIC-1/SUSE CLA, C|EH, eWPT, GMON, GWAPT, GCIH, eCPPT, GPEN, GXPN, OSCP, CISSP.
WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
Legend: Completed, In-Progress, Next -
yoba222
Member Posts: 1,237 ■■■■■■■■□□
I'd start with a bigger list. Here's what Kali uses out of the box:
Just browse http://tools.kali.org/tools-listingA+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP