Recopilación Online Pentesting Tools

Iniciado por snakingmax, Septiembre 16, 2012, 01:55:16 PM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

Imprimir
Ir Abajo Páginas1
Acciones del Usuario
Septiembre 16, 2012, 01:55:16 PM Ultima modificación: Septiembre 17, 2012, 10:47:41 AM por snakingmax


Buenas,

Os propongo realizar, entre todos, una recopilación de herramientas online para pentesting. Si os interesa participar, simplemente consiste en googlear buscando tools que añadir y decir en qué parte de un pentesting pueden encajar (las voy añadiendo según vais posteando).
Por otra parte, si creéis que alguna herramienta está mal aparcada, mal colocada, que hay que abrir una sección nueva para ella... también podéis comentarlo.

De momento solo he recopilado unas pocas ya que es trabajo de *******. Espero que participéis:

Citar********************************
*  RECOLECCIÓN DE INFORMACIÓN  *
********************************


1- Bloques de Red

2- DNS
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Varias cosas: Whois Lookup, traceroute, IP information...
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Herramienta Whois
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Con la opción Express te da mucha información sobre el host/ip
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Detector de proxys
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Traceroute online

3- Nombres de Dominios
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Busca dominios y subdominios en la opción: "What's that site running?"

4- Rango Red y Subred
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Calcula el rango de subred.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Calcula la máscara de red.

5- Direcciones Ips Específicas

6- Maquinas Activas
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Scanner de Rango IP - Puerto

7- Puertos Abiertos y Aplicaciones
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Documentación aquí: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

8- Detectar SO
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Documentación: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

9- Info Contactos (Mails, Telefonos, Etc)
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Buscador de personas y teléfonos.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Buscar datos personales de personas en Argentina.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Herramienta de análisis de metadatos.

10- País y Ciudad donde están los servidores
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login País, Ciudad... de cierta IP.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login IP information
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Localizar geograficamente una ip



********************************
*        ESCANEO E IDENTIFICACIÓN   *
********************************

1- Check for live system
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Ver como hacer barrido de ping: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Pings

2- Check for open ports
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login PortScanner online que te va diciendo qué es cada puerto.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Detecta si un puerto dado está o no abierto.

3- Service Identification
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Más información aquí: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

4- Banner Grabbing / OS Fingerprinting
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Más info aquí: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Editando el dork: apache country:CH port:80 hostname:underc0de.org

5- Vulnerability Scanning
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Scanner de vulnerabilidades online

6- Draw Network Diagram
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Para dibujar diagramas online.


***************************
*                ENUMERACIÓN       *
***************************



***************************
*                  ATAQUE               *
***************************
1 - Herramientas de ocultación durante el ataque:
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Listas de proxys.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Más Proxys.

2 - Exploits:
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Sitio con exploits actualizados a diario.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Sitio con exploits actualizados a diario.
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Open Source Vulnerability Database
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Common Vulnerabilities and Exposures
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Bugtraq
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Common Vulnerability Scoring System
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Packet storm
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login BugReport

3 - Decompiladores:
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login Decompilador de flash.


***************************
*  ESCALADA DE PRIVILEGIOS  *
***************************



***************************
*        MANTENER EL ACCESO   *
***************************



***************************
*               OCULTACIÓN          *
***************************




Aportes de:
SnakingMax - ANTRAX -
Septiembre 16, 2012, 02:41:59 PM #1
Snakinmax si me lo permites lo llevo para mi blog.. para hacer difusión y que se incremente mas :)
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login


Llaman traidor a la persona que evito que caiga el foro, gente bruta!


Septiembre 16, 2012, 03:29:47 PM #2
Muy buena bro!
+Karma!

Aca dejo mi granito de arena:

Buscar datos personales de personas en Argentina: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Y este para localizar geograficamente una ip: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Septiembre 16, 2012, 03:51:29 PM #3
Publícalo donde quieras @Snifer  De hecho se agradece la difusión del post.
Gracias por el aporte @ANTRAX ahora mismo lo añado a la lista  ;D
Septiembre 16, 2012, 11:55:06 PM #4
Con permiso de los amigos de You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login, aqui van unas cuantas mas herramientas de auditorias de seguridad:

Footprinting y Fingerprinting: búsqueda de información

Anubis (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Maltego (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Nslookup (Información: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Dig (Información: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Visualroute (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Whois (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Nsauditor (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Foca (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Httprint (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Ldap Browser (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Archieve.org (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Yougetsignal (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Netcraft.com (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Dnsstuff (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Wfuzz (Información y programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Nmap (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Zenmap (Interfaz gráfica de Nmap You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Shodan (Información y servicio: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Unicorn Scan (Información y programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)

Aplicaciones para descargar webs

HTTrack (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
FileStream Web Boomerang (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Website Ripper Copier (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)

Escáneres de vulnerabilidades

GFI (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
MBSA (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
SSS (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
WIKTO (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
ACUNETIX (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
NESSUS (Web oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
OpenVAS (Escaner de vulnerabilidades libre derivado de Nessus: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
RETINA (Información y programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
WEBCRUISER (Información y programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
NIKTO (Información y programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
FLUNYMOUS (Escáner de vulnerabilidades para WordPress y Moodle: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
WP-SCAN (Información y programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)

Exploits

Metasploit (Web oficial:You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
WinAUTOPWN (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Olly Dbg (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Radare (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Exploit-DB [Base de datos de exploits] (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)

Malware

FLU – By Flu Project Team (Troyano Open Source): (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Hacker defender (Tutorial (rootkit): You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Netcat (Tutorial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Crypcat (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Rootkit Revealer (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
AVG AntiRootkit 1.0.0.13 (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Ice Sword (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Fu.exe (Rootkit: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Ikklogger 0.1 (Keylogger You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
File Mon (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Kgb Spy (Programa beta (troyano): You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Subseven (Troyano: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)

Distribuciones de Linux orientas a auditoría

Wifislax (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Wifiway (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Backtrack (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Samurai (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Helix (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Caine (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Bugtraq (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)

Sniffers

Cain (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Wireshark (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Ettercap (Sustituto de Cain para Linux: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Tshark (Sniffer en modo consola del proyecto Wireshark: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)

Ingeniería social

SET (You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Ofuscadores de código
Eazfuscator
Salamander .Net Protector
Dotfuscator Community Edition
Smartassembly
Reactor de .NET

Analizadores de vulnerabilidades en código fuente

FindBugs
Lapse
PMD

Complementos para Firefox

Firesheep (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Blacksheep (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Torbutton (Programa: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login)
Firecat (Página oficial: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
Information Gathering
Whois
Shazou
Active Whois
DomainFinder
Location Info
HostIP.info
ShowIP
ASnumber
Router Status
Enumeration and Fingerprint
Header Spy
Header Monitor
Passive Recon
Data Mining
People Search
Gnosis
Who is this person
FaceBook ToolBar
Googling and Spidering
Advanced dork
SpiderZilla
View Dependencies
GSI Google Site Indexer
All in one
Bibirmer toolbar
Proxying / Web Utilities
FoxyProxy
SwitchProxy
Pow (Plain Old WebServer
Editors
Jsview
Cert Viewer Plus
FireBug
XML developer Toolbar
Security auditing
HackBar
RESTTest
Selenium IDE
Acunetix Application Scan
FireWATIR
Scripts 1 Ruby
Scripts 2 Ruby
ChickenFoot
Commands
Tamper Data
HeaderMonitor
LiveHTTPHeaders
RefControl
User Agent Switcher
Add n Edit Cookies
Cookies Swap
HttpOnly
Web Developer
AllCookies
DOM Inspector
Could be used with InspectThis
FormFox
Poster
Exploit-Me Suite
XSS-Me
SQL Inject-Me
Access-Me
Network tools
Intrusion Detection System
FireKeeper
Sniffer
ffsniff
Wi-Fi
Hotspots
JiWire
Passwords
Unhide Passwords
Protocols / Application
FTP
Client and Server
CrossFTP
Client
FireFTP
DNS
DNS Unpinning
ORACLE
Oracle DBA ToolBar
Oracle OraDB Error Code Look-up
SQL
SQL Connection
SQLite
SQLite Manager
MySQL
MySQL Client
Misc
Hacks for fun
Greasemonkey
Scripts
Technika
Encryption / Hashing
FileEncrypter
Net-force tools
FireGPG
MDHashTool
Malware Scanner
QArchive.org web files checker
Dr.Web anti-virus link checker
ClamWin Antivirus Glue for Firefox
Anti Spoof
Refspoof
Anti-phishing / Pharming / Jacking
TraceAssure
Surf Jacking Cookie Security Inspector
Automation
iMacros
Logs / History
Enhanced History Manager
Slogger
IT Security Related
Open Source Vulnerability Database Search
US Homeland Security Threat
milw0rm Exploits Search
Best Security Tips

fuente: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Saludos
Septiembre 17, 2012, 04:18:29 AM #5
baron.power, veo que has investigado tools pero recuerda que buscamos "herramientas online". Es decir, herramientas que no haya que instalar en nuestro equipo.
Noviembre 26, 2012, 12:03:20 PM #6
pido disculpas a hdbreaker por meterme en su sección pero en mi opinión esto debería estar fijado. (no lo fijo porque no me corresponde)

saludos!
Imprimir
Ir Arriba Páginas1
Acciones del Usuario