I would like to hear from you which tools (commercial and open source) you use to share results during a collaborative penetration test or source code/binary analysis. The well-known Dradis framework helps at some level, but it would be nice to see…
I'm looking for well-known tools that will scan for any PII within a network. For example, I would like to be able to use a plug and play method, meaning I drive to a client, plug my laptop in, and scan for all sensitive material, such as SSN,…
I am writing an application which uses CVE identifiers to cross-reference vulnerabilities. I would like to make it compatible with future CVE identifiers.
If it happens that there are more than 9999 CVE identifiers in a year, what number will follow…
I have been working on a conky configuration to help me manage penetration tests, but after much research, I cannot find anyone else speaking of their configs in any way other than the glitz.
Currently, I have:
CPU load
Memory load
top…
I am doing a Firesheep demo in a few weeks as a security awareness project. However, I can't seem to get it working, and I'm wondering if it's just because the handlers it ships with are now outdated because everyone has fixed their sites.
I am going…
I used win64dd.exe to get a memory image on a 64-bit computer running Windows 7 and had Mandiant Redline analyze the image. One of the things marked red was one of the svchost.exe processes. Redline says
This process has a module which imports a…
Is it usually authorized to run systematic information-gathering tools?
I'm talking about tools like nmap, knock, dirb and so on. I'm obviously talking about running them on public websites without consent.
Possible Duplicate:
How can I reliably erase all information on a hard drive?
I'm looking to see if there's a method that can completely wipe out the content of a HDD, so that nothing previously on it can be recovered by any means, even by a…
The description of WinObj says:
WinObj is a must-have tool if you are a system administrator concerned about security
What kind of security issues can it detect and what is the rough usage?
When I run Nikto, its output details all the tests it ran, but I just want the bits where it found problems. How can I set it to only show errors?
JohnFF
I just pulled down the repository for an elite penetration testing tool called sn1per. I want to use this tool to scan a list of websites. My goal is to automate the steps of a manual penetration test.
The steps to reach the point where I am at are to…