Tools for Web Pentesting

Posted: 06 November 2011 by Bhior


It is very hard for beginners interested in pentesting to find good study material, given that the field is very complex and spans other areas of study. Below is a list of essential tools for getting started.

EnigmaGroup - http://enigmagroup.org/
XSS Encoding Skills – x5s (Casaba Watcher) - http://www.nottrusted.com/x5s/
Exploit-DB - http://www.exploit-db.com/webapps
The Bodgeit Store - http://code.google.com/p/bodgeit/
LampSecurity - http://sourceforge.net/projects/lampsecurity/
hackxor - http://hackxor.sourceforge.net/cgi-bin/index.pl
WackoPicko - https://github.com/adamdoupe/WackoPicko
RSnake’s Vulnerability Lab - http://ha.ckers.org/weird/

Web Security DOJO - http://www.mavensecurity.com/web_security_dojo/
Gruyere (formerly Codelab / Jarlsberg) - http://google-gruyere.appspot.com/
Hacme Game - http://hacmegame.org/
SPI Dynamics - http://zero.webappsecurity.com/
Acunetix 1 - http://testphp.vulnweb.com/
Acunetix 2 - http://testasp.vulnweb.com/
Acunetix 3 - http://testaspnet.vulnweb.com/
PCTechtips Challenge - http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
Damn Vulnerable Web Application - http://dvwa.co.uk/
Mutillidae - http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
The Butterfly Security Project - http://sourceforge.net/projects/thebutterflytmp/
Hacme Casino - http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Hacme Bank 2.0 - http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Hacme Books - http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Hacme Travel - http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Hacme Shipping - http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Moth - http://www.bonsai-sec.com/en/research/moth.php
Stanford SecuriBench - http://suif.stanford.edu/%7Elivshits/securibench/
SecuriBench Micro - http://suif.stanford.edu/%7Elivshits/work/securibench-micro/
BadStore - http://www.badstore.net/
WebMaven/Buggy Bank - http://www.mavensecurity.com/webmaven
OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP Vicnum - http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
OWASP InsecureWebApp - http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project


List of labs:
http://remote-execution.blogspot.com/2011/01/lista-de-servidores-e-aplicativos.html

Bonus: http://www.4shared.com/document/90Dv4kLF/Hacking_Exposed_chapter_11.html

3 comments:

  1. Darkbbr says:

    Wow man, that's quite a big list O.O
    This is going to help a lot

  2. Anonymous says:

    It would be interesting if you explained what each one does!

  3. Bhior says:

    Anonymous,

    Do you want my blood too?

    Most people are used to getting everything pre-chewed, without having to pay anything; everything is interesting.

    Cheers
    []'