Pentest utilities

D

d3ZORg2013-02-05 15:05:28

XSS

d3ZORg, 2013-02-05 15:05:28

Pentest utilities - reviews?

I would like to hear feedback on commercial solutions for automated site penetration testing.
A dry squeeze from foreign blogs is of course also not bad, but the experience of living people will also be interesting to listen to.

Reply

Answer the question

In order to leave comments, you need to log in

8 answer(s)

S

Sergey Galkin, 2013-02-05
@Larrikin

good portswigger.net/burp/

R

Restore, 2013-02-05
@Restore

For me, the following tools are not bad at all:
from open source:
w3af
OWASP ZAP
And if it is commercial, then:
Acunetix Web Vulnerability Scanner , but it is under Windows.

S

sud3n, 2013-02-06
@sud3n

nessus, nexpose

P

Pushkind, 2013-02-07
@Pushkind

Qualys

I

icoz, 2013-02-05
@icoz

I recommend paying attention to BackTrack .
This is a distribution for security auditing.

S

StrongServer, 2015-08-26
@StrongServer

The already mentioned Burp Suite is the best open source solution.

I

Ivan Zhuravlev, 2013-02-12
@InteractiveTechnology

And of course xspider from positive technology )

M

MrGroovy, 2020-12-02
@MrGroovy

I worked on one site that was regularly attacked and had to be constantly "raised". I used scanners from Positive Technologies and METASCAN , both are good, but I liked METASCAN more, it had a more understandable interface and a fairly detailed scan report. In addition, I scanned not only for web vulnerabilities, I also checked system vulnerabilities and even, for the sake of interest, tried to brute SSH. In general, I scanned the entire infrastructure and found vulnerabilities in OpenSSH and a couple of pages with XSS, after I corrected everything, the site stopped "falling".