Top tools for web pen testing

Cyberscum Member Posts: 795
I am trying to compile a list of the top tools to be familiar with for web testing enumeration.

So far I have Burp Suite, DirBuster, netcat, dnsrecon, theHarvester and fierce.

What top tools do you use for your enumeration phase?

Comments

  • Cyberscum Member Posts: 795
    I forgot online sources like Google dorks, Netcraft, etc.
  • Kalabaster Member Posts: 86
    nmap, yo
    also, doing zone transfers

    Too many webapp guys forget that it's more than just how the web app presents to the users.
    Certifications: A+, Net+, Sec+, Project+, Linux+/LPIC-1/SUSE CLA, C|EH, eWPT, GMON, GWAPT, GCIH, eCPPT, GPEN, GXPN, OSCP, CISSP.
    WGU, BS-IT, Security: C178, C255, C100, C132, C164, C173, C172, C480, C455, ORA1, C182, C168, C394, C393, C451, C698, C697, C176, C456, C483, C170, C175, C169, C299, C246, C247, C376, C179, C278, C459, C463, C435, C436.
    Legend: Completed, In-Progress, Next
  • winona_ryder Member Posts: 42
    nikto, w3af, burp, nmap, sqlmap, b33f, openvas, sslscan
  • yoba222 Member Posts: 1,237
    I'd start with a bigger list. Here's what Kali uses out of the box:

    Just browse http://tools.kali.org/tools-listing
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP