Thursday, December 26, 2013

THE BEST PENTESTING OS

BackTrack has a very cool strapline: “The quieter you become, the more you are able to hear.” That just sounds cool…
BackTrack is based on the ever-popular Ubuntu. The pentesting distro used to be available only with a KDE environment, but GNOME was added as an option with the release of BackTrack v5. For those working in Information Security or intrusion detection, BackTrack is one of the most popular pentesting distros that can run on a live CD or flash drive. The distribution is ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.

Here is a list of some of the awesome tools available in BackTrack 5r3 (the latest release).

To identify Live Hosts:

dnmap – Distributed Nmap
address6 – IPv6 address conversion

Information Gathering Analysis (Social Engineering)

Jigsaw – Grabs information about company employees
Uberharvest – Email harvester
sslcaudit – SSL cert audit
VoIP honey – VoIP honeypot
urlcrazy – Detects URL typos used in typo squatting, URL hijacking, phishing

Web Crawler

Apache_users – Apache username enumerator
Deblaze – Performs enumeration and interrogation against Flash remote end points

Database Analysis

Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit

Bluetooth Analysis

Blueranger – Uses link quality to locate Bluetooth devices

Vulnerability Assessment

Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer

Exploitation Tools

Netgear-telnetable – Enables Telnet console on Netgear devices
Terminator – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities

Wireless Exploitation Tools

Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – GUI for testing wireless encryption strength
Wifi-honey – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor

Password Tools

Creddump
Johnny
Manglefizz
Ophcrack
Phrasendrescher
Rainbowcrack
Acccheck
smbexec
