This document is a high-level introduction to some security testing tools that are commonly available in the Linux ecosystem. Most of them are intrusive (scanning, password guessing, flooding); aim them only at the lab victim machine described below or at systems you are explicitly authorized to test.
# Boot the lab target VM (defined in a Vagrantfile that is not part of this page)
# and open a shell on it. Presumably every target placeholder below is meant to
# be that VM — confirm before pointing any of the commands elsewhere.
vagrant up
vagrant ssh
A virtual machine that can be addressed via the hostname `security-testing-victim.local`; it hosts the deliberately vulnerable applications and services listed below and is the intended target for the commands in this document.
.
- Juice Shop
- WebGoat
- Hackazon
- dnsmasq
- 8080
- 53
# DNS subdomain enumeration by dictionary brute force. Both tools issue one
# lookup per wordlist entry, which is visible to (and noisy for) the target's
# resolvers.
# dnsmap: -w wordlist, -r results file (date-stamped so reruns do not clobber),
# -d delay between requests (units per dnsmap's own help output).
dnsmap <domain.com> -d 1 -w <dictionary> -r dnsmap-$(date +%F).log
# dnsrecon: -t brt selects brute-force mode, -D the wordlist, --xml the report
# path (made absolute with $(pwd)). Note this line hard-codes example.com where
# the line above uses a <domain.com> placeholder — replace it with the target.
dnsrecon -d example.com -D <dictionary> -t brt --xml $(pwd)/dnsrecon.xml
# Online password guessing against one network service: a single username
# (--user) tried with every password in the dictionary (-P) on port -p.
# This fills authentication logs and can trigger account lockouts, so use it
# only against the lab VM or with explicit written authorization.
ncrack -p <port> --user <username> -P <dictionary> <xxx.xxx.xxx.xxx>
# Port scanning.
# -Pn skips host discovery (treat the host as up even if it ignores ping);
# -p- scans all 65535 TCP ports, so expect this one to take a while.
nmap -Pn -p- <xxx.xxx.xxx.xxx>
# UDP scan (-sU) limited to nmap's "fast" top-100 port list (-F). UDP scanning
# needs raw sockets, hence sudo; it is also slow because closed ports rely on
# rate-limited ICMP unreachables.
sudo nmap -Pn -sU -F <xxx.xxx.xxx.xxx>
# Ping sweep of the whole /24 to list live hosts. -sP is the legacy spelling of
# -sn (same behaviour in current nmap); prefer -sn in new notes.
nmap -sP <xxx.xxx.xxx.xxx/24>
# Slow-HTTP denial-of-service tests. Both try to hold up to 65539 connections
# (-c) open against the URL (-u) and write a date-named report (-g -o). This is
# a DoS tool and will take a small server offline — lab VM only.
# -H = slowloris (slow headers) mode, -r = new connections per second,
# -i = seconds between follow-up header fragments, -x = max length of those
# fragments, -t = HTTP verb, -p = probe timeout. Flag meanings per
# slowhttptest(1); confirm against the installed version.
slowhttptest -c 65539 -H -g -o $(date +%F) -i 10 -r 200 -t GET -u http://some.domain.com/ -x 24 -p 3
# -X = slow read mode: advertise small receive windows (-w/-y range), read -z
# bytes every -n seconds, and run for -l seconds in total.
slowhttptest -g -o $(date +%F) -c 65539 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://some.domain.com/ -p 5 -l 350
# Packet floods with spoofed source addresses (--rand-source). --flood sends as
# fast as possible and does not wait for replies; raw sockets require root.
# Because the source addresses are random, the target's replies (backscatter)
# go to third parties — never run these outside an isolated lab network.
# SYN flood (-S) with the ACK number forced to 0 (-L 0) against one port.
sudo hping3 --rand-source <xxx.xxx.xxx.xxx> --flood -S -L 0 -p <port>
# FIN flood (-F) against one port.
sudo hping3 --flood --rand-source -F -p <port> <xxx.xxx.xxx.xxx>
# UDP flood against one port.
sudo hping3 --flood --rand-source --udp -p <port> <xxx.xxx.xxx.xxx>
# HTTP load test with ApacheBench: 10000 requests (-n) with 1000 in flight at
# once (-c). With -c 1000 the client's own file-descriptor limit (ulimit -n)
# may be hit before the server is, so raise it or the numbers will not mean
# what you think. ab speaks HTTP/1.0 and hits a single URL only.
ab -c 1000 -n 10000 http://xxx.xxx.xxx.xxx/
# Ask a specific DNS server directly — a quick check that it answers for
# domain.com (and, by extension, whether it is an open resolver).
dig @<xxx.xxx.xxx.xxx> domain.com
# Mausezahn DNS query flood: 10 million queries (-c) for <domain.com> sent to
# the server at -B with random spoofed sources (-A rand). Against an open
# resolver this is a reflection attack on whoever owns the spoofed addresses;
# isolated lab network only. Needs root for raw packet injection.
sudo /usr/sbin/mz -A rand -B <xxx.xxx.xxx.xxx> -t dns "q=<domain.com>" -c 10000000
# Put mitmproxy in front of the target as a reverse proxy so requests and
# responses can be inspected and edited. -R is the legacy reverse-proxy flag;
# newer mitmproxy releases spell this `--mode reverse:https://some.domain.com:<port>/`
# — check the installed version's --help.
mitmproxy -R https://some.domain.com:<port>/
# OSINT: gather e-mail addresses, hostnames and names for the domain from every
# supported data source (-b all) into a date-named HTML report (-f). This
# queries third-party search/data services rather than the target itself; some
# sources need API keys configured and will be skipped or rate-limited without
# them. The report name is the same as the htcap report further below — run
# them in different directories or one overwrites the other.
theHarvester -d domain.com -b all -f $(date +%F).html
# Arachni web application scan: save the raw report (.afr) under today's date
# (--report-save-path) with the metrics plugin enabled, then render it to an
# HTML bundle. The binary path is pinned to a dev build (arachni-2.0dev-1.0dev);
# adjust it to whatever is installed. sudo is presumably only needed because of
# that install location — a scanner does not otherwise need root.
# NOTE(review): OPENSSL_CONF normally points at a config *file* such as
# /etc/ssl/openssl.cnf, not a directory — confirm this override actually takes
# effect (e.g. it was meant to enable legacy ciphers) or drop it.
sudo OPENSSL_CONF=/etc/ssl/ /usr/lib/arachni-2.0dev-1.0dev/bin/arachni "http://some.domain.com" --report-save-path ./$(date +%F).afr --plugin=metrics
# --reporter=html:outfile=... writes the HTML report as a zip archive.
sudo /usr/lib/arachni-2.0dev-1.0dev/bin/arachni_reporter --reporter=html:outfile=$(date +%F).html.zip ./$(date +%F).afr
# Further web crawlers/scanners, each writing a date-named output.
# skipfish: -o names an output *directory* (despite the .log suffix here) and
# skipfish refuses to run if it already exists.
skipfish -o $(date +%F).log http://some.domain.com
# htcap: crawl the site into a SQLite database, then render that database to an
# HTML report. The report name collides with theHarvester's -f output above if
# both are run in the same directory.
htcap crawl -v 'http://some.domain.com/' $(date +%F).db
htcap util report ./$(date +%F).db ./$(date +%F).html
# wapiti: black-box web vulnerability scanner; --output is the report location
# (file vs. directory and format depend on the installed version and -f).
wapiti 'http://some.domain.com/' --output $(date +%F)