Tag Archives: Penetration Testing

(Introducing) Nishang : PowerShell for Penetration Testing

Source: Nikhil “SamratAshok” Mittal blog In this article “I have been using PowerShell in penetration tests for some time now. It is a really powerful shell and scripting language which gives you access to interesting things on a Windows machine. There are many PowerShell scripts involved in Kautilya. In fact, these PowerShell scripts are the reason behind power of Windows payloads… Read More »

OWASP ZAP Tool

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as… Read More »

Prads

Is a `Passive Real-time Asset Detection System`. It passively listen to network traffic and gathers information on hosts and services it sees on the network. This information can be used to map your network, letting you know what services and hosts are alive/used, or can be used together with your favorite IDS/IPS setup for “event to host/service” correlation. Features PRADS… Read More »

Shodan, A Device Search Engine

Shodan SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in finding computers… Read More »

Burp Suite

Burp Suite is a set of tools in a single application that can be an aid to discovery in pen testing or even to help in the development of web services and web applications by working as a proxy (or man in the middle) and providing access to the full http content on the wire. PortSwigger makes available… Read More »