Testing Tools Review

Question 1

Arachni

spider like and more complex

Answer 1

Is an open-source web scanner
CLI and GUI
Focused on HTML, JSON and XML
Finding are in Input Section
Dispatcher Tab lists instances and Load balancing

Question 2

Burp Suite

Commercial tool

Answer 2

Similar to ZAP for exploiting webapp vulnerabilities
Intruder and Repeater Tabs are present.
Highlights in green an vulnerable elements
Extender Section

Question 3

Zed Attack Proxy - By OWASP

Answer 3

Tabs:
Alerts Tab - Findings
Advisory Tab - Issue Details
Event - previous task
Spider Tab - Scans target URL

Question 4

Nikto

Answer 4

WebApp Scanner CLI Only

Question 5

Prowler

Answer 5

CLI Based Cloud Security Auditing/Assessment Tool (maps to CIS)
Security Posture
Report - Extended Column -

Question 6

Metasploit

Answer 6

for BruteForce attacks
Powerful collection of tools for exploiting vulnerabilities

has a module library for paths for vendors such as Cisco

Statistics section shows compromised targets

Question 7

Recon-ng

Answer 7

recon framework tool for mapping. IP Address, subdomains, software versions and other attributes

Question 8

PACU

Answer 8

AWS Only exploitation framework

APIs/Virtual Machine Instances

also Prowler and ScoutSuite

Question 9

ZenApp GUI is under what tool

Answer 9

nMAP

Question 10

ScoutSuite

Answer 10

Open Source multi Cloud security posture tool

Prowler and PACU are AWS Only

Question 11

Legion

Answer 11

Uses automation around using shodan, whatweb, nikto, etc.