sábado, 10 de dezembro de 2011

Ferramentas para Web Pentesting

É muito difícil para iniciante interessados na área de pentesting, encontrar bons materiais para estudo, levando em conta que essa área de pentesting e muito complexa e abrange outras áreas de estudo, segue uma lista de ferramentas essenciais para inicio dos estudos.

EnigmaGroup - http://enigmagroup.org/
XSS Encoding Skills – x5s (Casaba Watcher) - http://www.nottrusted.com/x5s/
Exploit- DB - http://www.exploit-db.com/webapps
The Bodgeit Store - http://code.google.com/p/bodgeit/
LampSecurity http://sourceforge.net/projects/lampsecurity/
hackxor - http://hackxor.sourceforge.net/cgi-bin/index.pl
WackoPicko - https://github.com/adamdoupe/WackoPicko
RSnake’s Vulnerability Lab - http://ha.ckers.org/weird/

Web Security DOJO - http://www.mavensecurity.com/web_security_dojo/
Gruyere (antigo Codelab / Jalsberg) - http://google-gruyere.appspot.com/
Hacme Game - http://hacmegame.org/
SPI Dynamics - http://zero.webappsecurity.com/
Acunetix 1 - http://testphp.vulnweb.com/
Acunetix 2 - http://testasp.vulnweb.com/
Acunetix 3 - http://testaspnet.vulnweb.com/
PCTechtips Challenge - http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
Damn Vulnerable Web Application - http://dvwa.co.uk/
Mutillidae - http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
The Butterfly Security Project - http://sourceforge.net/projects/thebutterflytmp/
Hacme Casino - http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Hacme Bank 2.0 - http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Hacme Books - http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Hacme Travel - http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Hacme Shipping - http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Moth - http://www.bonsai-sec.com/en/research/moth.php
Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/
SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/
BadStore - http://www.badstore.net/
WebMaven/Buggy Bank - http://www.mavensecurity.com/webmaven
OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP Vicnum - http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
OWASP InsecureWebApp - http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project



Lista de laboratórios:

http://remote-execution.blogspot.com/2011/01/lista-de-servidores-e-aplicativos.html


Bônus:  http://www.4shared.com/document/90Dv4kLF/Hacking_Exposed_chapter_11.html

0 comentários:

Postar um comentário

 

SECURITY MASTER Copyright © 2011 -- Template created by Security Master -- Powered by Blogger