Testing Tools Review Flashcards
Arachni
spider like and more complex
Is an open-source web scanner
CLI and GUI
Focused on HTML, JSON and XML
Finding are in Input Section
Dispatcher Tab lists instances and Load balancing
Burp Suite
Commercial tool
Similar to ZAP for exploiting webapp vulnerabilities
Intruder and Repeater Tabs are present.
Highlights in green an vulnerable elements
Extender Section
Zed Attack Proxy - By OWASP
Tabs:
Alerts Tab - Findings
Advisory Tab - Issue Details
Event - previous task
Spider Tab - Scans target URL
Nikto
WebApp Scanner CLI Only
Prowler
CLI Based Cloud Security Auditing/Assessment Tool (maps to CIS)
Security Posture
Report - Extended Column -
Metasploit
for BruteForce attacks
Powerful collection of tools for exploiting vulnerabilities
has a module library for paths for vendors such as Cisco
Statistics section shows compromised targets
Recon-ng
recon framework tool for mapping. IP Address, subdomains, software versions and other attributes
PACU
AWS Only exploitation framework
APIs/Virtual Machine Instances
also Prowler and ScoutSuite
ZenApp GUI is under what tool
nMAP
ScoutSuite
Open Source multi Cloud security posture tool
Prowler and PACU are AWS Only
Legion
Uses automation around using shodan, whatweb, nikto, etc.