begood Posted March 6, 2010 Report Posted March 6, 2010 The Samurai Web Testing Framework is focused on web application testing. It is a web penetration testing live CD built on open source software. With the latest release, the Inguardians (livecd creators) have added a VM image. It will also work in any version of VMWare Fusion. It has a lot of tools inbuilt in it. We will mention some so, that you know how the livecd is assembled for optimum web app pentest. For reconnaissance, we have tools such as the Fierce domain scanner and Maltego. For mapping, we have tools such WebScarab and ratproxy. For discovery, we have w3af and burp. For exploitation, the final stage, we included BeEF and AJAXShell. There are a lot more tools than the ones mentioned above. They are: * Burp Suite, a web application attacking tool * DirBuster, an application file and directory enumeration and brute forcing tool from OWASP * Fierce Domain Scanner a target ennumeration utility * Gooscan an automated Google querying tool that is useful for finding CGI vulnerabilities without scanning the target directly, but rather querying Google’s caches * Grendel-Scan, just released, an open source web application vulnerability testing tool * HTTP_Print a web server fingerprinting tool * Maltego CE, an open source intelligence and forensics application that does data mining to find information from the internet and link it together (great for background research on a target). * Nikto, an open source web server scanner * Paros, one of my favorite, Java based, cross platform, web application auditing and proxy tools * Rat Proxy, a semi-automated, passive web application security audit tool. * Spike Proxy, an extensible web application analyzer and vulnerability scanner. * SQLBrute, a SQL injection and brute forcing tool. * w3af (and the GUI), a web application attack and audit framework. * Wapiti, a web application security auditor and vulnerability scanner * WebScarab, an HTTP application auditing tool from OWASP * WebShag, a web server auditing tool * ZenMap, a NMAP graphical front endAdditionally Samurai includes several command line utilities such as: * dnswalk, a DNS query and zone transfer tool * httping, a ping like utility for HTTP requests * httrack, a website copying utility. * john the ripper, a password cracking program * netcat, a TCIP/IP swiss army knife * nmap, a port scanner and OS detection tool * siege, an HTTP stress tester and benchmarking tool. * snarf, a lightweight URL fetching utilityand many others. You also have wine pre-installed.Download latest release v0.8 1 Quote
Un.Neuron Posted September 4, 2011 Report Posted September 4, 2011 update>Samurai-0.9.9update>Download Samurai from SourceForge.net Quote
