From making the code to breaking it, scanning the vast network to setting the attack vectors, testing the attack vectors to ethical penetration, from damage to remediation, policy formation to implementation and from hardening to rescan, ASI has an impeccable collection and expertise of tools driven by highly competent cyber experts, that are profusely utilized for the benefit of the customers and guide you to leverage your company’s overall cyber security posture.
|Item No||Tools||Description||Uses||Tool Link|
Burp Suite is a comprehensive platform of cybersecurity tools, by PortSwigger. The Burp aids range of users from hands on testers to security experts with scalable automation and CI integration. It also accommodates users with manual and automatic capabilities to discover the vulnerabilities with detailed enumeration and analysis of web applications. Burp can simply intercept HTTP/S requests and act as a middle-man between the user and web pages. To practice attacking, the tool provides a Damn Vulnerable Web Application (DVWA) that comes pre-loaded. Depending on the scope of the tester the tool can prove to be highly a powerful exploit.
|Web Vulnerability Scanning|
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and have pages and applications hidden within. DirBuster comes with a total of 9 different lists; this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide.
|Brute force Directories|
Fiddler is a free web debugging proxy which logs all HTTP(s) traffic between your computer and the Internet. It is used to debug traffic from virtually any application that supports a proxy like IE, Chrome, Safari, Firefox, and Opera. Benefit from a rich extensibility model, ranging from simple FiddlerScript to powerful Extensions which can be developed using any .NET language. It is highly extensible using FiddlerScript or by creating .NET extensions. It is not limited to just Windows, as it can also be configured to capture traces for smartphones, tablets, and non-Windows platforms.
Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerability that malicious hackers could use to gain access to any computer in a network. Nessus tool supports more technologies than competitive solutions, scanning operating systems, network devices, next-generation firewalls, hypervisors, databases, web servers, and critical infrastructure for vulnerabilities, threats, and compliance violations. With the world’s largest continuously updated library of vulnerability and configuration checks, and the support of Tenable’s expert vulnerability research team, Nessus professional sets the standard for vulnerability scanning speed and accuracy.
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Systems and Network Administrators find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine hosts available on the network, services offered by host, operating system (and OS versions) configuration, type of packet filters/firewalls in use, and dozens of other characteristics. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
OpenSSL is an open-source command line tool that is commonly used to generate private keys, create CSRs, install your SSL/TLS certificate, and identify certificate information. It is also a general-purpose cryptography library. SSL and TLS are methods for using cryptography to secure communication between two parties. Although there are some important differences at a technical level, they both work essentially the same way. OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
|Web security , Private key & CSR generation|
SQLmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, imbibed with features for an ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. The tool provides full support to almost every query languages and extreme database management systems. Importantly, SQLmap is an open source under the terms of the GNU General Public License.
|Detection & Injection of SQL injection flaws|
|8||Wget Crawl Server|
Have you wondered How to download an entire website for offline viewing? Wget Crawl Server is the nearest choice. Unlike other web browsers, Wget is non-interactive utility that allows users to start retrieval and disconnect from the system, letting Wget finish the work. Through recursive downloading, Wget can follow links in HTML, XHTML, and CSS pages, to create local versions of remote web sites, fully recreating the directory structure of the original site. Wget has been designed for robustness over slow or unstable network connections, with binaries built with IPv6 support that work well in both IPv4-only and dual family environments.
|Web content retrieval for offline review|
Wireshark is a software tool used to monitor the network traffic through a network interface. It is the most widely used network monitoring tool today. Wireshark is loved equally by system administrators, network engineers, network enthusiasts, network security professionals and black hat hackers. The extent of its popularity is such, that experience with Wireshark is considered as a valuable/essential trait in a computer networking related professional. Wireshark is often used to identify more complex network issues. For example, if a network experiences too many retransmissions, congestion can occur.
|Analysis of network traffic and monitoring|
|10||Rennhofer Reiter Firefox|
Firefox is a Web browser developed and maintained by Mozilla Foundation –a nonprofit org. The browser is smaller, faster, and in some ways more secure than the Mozilla browser from which much of its code was originally derived. Compared to other browsers in the market, the most popular Web browser, Firefox gives users a cleaner interface and faster download speeds. One feature of Firefox that's vital to some users is that it is a cross-platform application which efficiently supports all versions of Windows after Windows 98, recent versions of Mac OS X and Linux and almost every successful mobile Operating system.
|11||Rennhofer Reiter Hashcat|
Hashcat is a versatile password cracker tool widely used by penetration testers and system administrators as well as unethical hackers for its reverse engineering capability. Basically, this tool guesses a password, hashes it, and then compares it with the one’s to crack. The attempt goes on till the hashes match. It uses a full brute-force attempt, including dictionary attacks, combination attacks; mask attacks, and rule-based attacks. The real consequence is that both illegal attackers and legit defenders use hashcat. The best way to prevent an attacker from using hashcat against you is to test your own defenses against these attacks.
|Password cracking through reverse engineering|
|12||Rennhofer Reiter Hydra|
Hydra is a brute forcing tool mostly used in the field of penetration testing. It can cause dictionary attacks over numerous protocols such as Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTPS, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, VMware-Auth, VNC and XMPP and so on. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotelyand make it a part of penetration testing distros.
|Brute force through dictionary attack|
|13||Rennhofer Reiter Masscan|
Masscan is an internet port scanner that can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. Masscan produces the same results as Nmap, but it operates more like Zmap, Unicornscan, using asynchronous transmission. Apart from being faster, it is more flexible, allowing arbitrary address ranges and port ranges, a feature, still lacked by many. This tool is also widely used for banner grabbing and offers various saving formats. Ironically, for the amount of data it spits, you need Intel’s 10-gbps Ethernet adapter and ‘PF_RING DNA’ driver to handle such speeds in a network.
|IP port scanning|
|14||Rennhofer Reiter OWASP Zap|
|web application security scanning|
|15||Rennhofer Reiter SSL Labs|
SSL Labs is a collection of documents, tools and thoughts related to SSL. It's an attempt to better understand how SSL is deployed, and an attempt to make it better. It brings you the world of SSL to effectively test your site’s certificate, configuration and your browser’s SSL implementation against vulnerabilities. It provides clear and concise instructions to help administrators and programmers to deploy a secure site or web application. It also provides rating through its SSL Server Rating Guide which establishes a straightforward assessment methodology, allowing administrators to assess their SSL server configuration confidently without the need to become SSL experts.
|SSL/TLS and PKI testing tools and documentation|
|16||John the Ripper|
John the Ripper is a feature-rich and fast password cracking software tool. It delivers combinational cracking modes which can be configured based on particular need. The tool supports several platforms which enables cross platforms implementations. John supports various UNIX crypt hash types such as traditional DES-based, “bigcrypt”, BSDI extended DES-based, FreeBSD MD5-based, OpenBSD Blowfish-based, Kerberos/AFS and Windows LM (DES-based) hashes, and DES-based tripcodes. Unlike older crackers, John has its own highly optimized modules for different hash types and processor architectures. Additionally, there are also assembly language routines for several processor architectures, most importantly for x86-64 and x86 with SSE2.
|password security auditing and password recovery|
Netsparker is a web application security scanner, which also supports detection and exploitation of vulnerabilities. Upon identifying an exploitable vulnerability, regardless of the underlying architecture or platform, the tool uses unique Proof-Based Scanning™ technology to generate a proof of exploit that confirms against the false positives. Netsparker is available in several variations: Netsparker Standard for SMBs, Netsparker Team for large organizations and Netsparker Enterprise for large-scale enterprise. The tool offers better coverage of vulnerabilities and combination of dead accurate scanning with proprietary automatic exploitation technology that makes it a recognized leading player in the web application security industry.
|Proof based Web vulnerability scanning|
Brutus is a fast and flexible password-cracking tool to crack authentications such as: FTP, HTTP, POP3, SMB, and Telnet and custom protocols. It is also capable of supporting multi-stage authentication protocols and can attack up to sixty different targets in parallel. Brutus performs Dictionary attack, Brute force and Hybrid or all together to crack the password and with options to pause, resume and import the attack. The only drawback being the tool had not been updated for several years. But that did not deter its popularity for its wide coverage of authentication protocols and ability to add custom modules.
|Remote Web password cracking|
|Web vulnerability scanner|
If you have questions or comments, please use this form to reach us, and you will receive a response within one business day. Your can also call us directly at any of our global offices.