0x30.io Notes

Things that might be worth remembering


PenTesting toolchain

Generic uses

  • Arachni: a full-featured, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of modern web applications.
  • BurpSuite: a graphical tool for testing web application security. In addition to basic functionality, such as a proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer.
  • OWASP ZAP: an open-source web application security scanner. It is intended to be used both by those new to application security and by professional penetration testers. When used as a proxy server, it allows the user to manipulate all of the traffic that passes through it, including traffic using HTTPS.

Specific uses

Ruby webapps

  • Brakeman: a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.
cybersec/pentest.txt · Last modified: 2019/03/06 21:46 by jon