• 5 Tools For Bug Hunting and Penetration Testing

    Aslam-o-Alaikum. It has been a while since I wrote an article. I got many messages on Facebook and on my WhatsApp number asking: Which tools do I use for pentesting? What are the best tools for hacking? etc. So I decided to post an article of 10 tools that I use.


    Knockpy is an automated subdomain enumeration tool, currently maintained by Gianni 'guelfoweb' Amato. This tool helps to find subdomains of a domain. It is also designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Knockpy now supports queries to VirusTotal subdomains; you can set the API_KEY within the config.json file.


    Nmap is an abbreviation for ‘Network Mapper.’ It is an open source, free application used for network scanning. It makes use of IP packets for auditing the network. Nmap offers a multitude of options to scan a single IP, port, or host to a range of IPs, ports, and hosts. It can also be used to scan a subnet, identify the services that are running on hosts, determine the OS versions that the remote hosts are running, and discover vulnerabilities and security holes. It is a very powerful tool. The output and information can serve as a precursor to penetration testing efforts.


    Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
    Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
    Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.
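The point that Nikto "is obvious in log files" can be checked from the defender's side. The following is an added example, not part of the original post and not code from the Nikto project: it flags clients that request many distinct paths in a short window with mostly 404 responses. The thresholds, function names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format prefix: ip - - [time] "METHOD path proto" status size
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # skip lines that are not in the expected format
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, window=timedelta(seconds=10), min_paths=8, min_miss_ratio=0.7):
    """Return sorted IPs that requested >= min_paths distinct paths inside one
    sliding window, with >= min_miss_ratio of those requests answered 404."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[0]].append(rec[1:])
    flagged = set()
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            paths = {p for _, p, _ in burst}
            misses = sum(1 for _, _, s in burst if s == 404)
            if len(paths) >= min_paths and misses / len(burst) >= min_miss_ratio:
                flagged.add(ip)
                break
    return sorted(flagged)

def sample_log():
    """Constructed sample: one noisy client and one ordinary visitor."""
    probes = ["/admin/", "/backup.zip", "/config.php.bak", "/test/", "/cgi-bin/",
              "/old/", "/index.php.old", "/server-status", "/tmp/", "/.git/config"]
    lines = [f'203.0.113.7 - - [10/Mar/2024:12:00:{i:02d} +0000] "GET {p} HTTP/1.1" '
             f'{200 if p == "/test/" else 404} 512 "-" "-"' for i, p in enumerate(probes)]
    lines += [f'198.51.100.20 - - [10/Mar/2024:12:0{i}:00 +0000] '
              f'"GET {p} HTTP/1.1" 200 2048 "-" "-"'
              for i, p in enumerate(["/", "/about", "/contact", "/pricing"])]
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

The check keys on request behaviour rather than the User-Agent header, since that header is under the client's control.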


    The most important thing in bug hunting and penetration testing is Burp Suite. Burp Suite is one of the famous tools, used by almost every researcher. It also helps the user scan a site for vulnerabilities. One primary use of Burp Suite is to intercept all requests and responses between the browser and the target application. The free version is also useful for generating a proof-of-concept cross-site request forgery (CSRF) attack for a given request. There’s also the application-aware crawler that can be used to map out application contents. A paid version unlocks even more features.


    I am taking this tool to number 1 because I use this tool the most. This tool helps the user fetch all directories and files of a web server and test them for the following vulnerabilities:
    • RCE
    • LFI
    • XSS
    • SQLI
    • Backup Files
    • Config Files and Many More