- Fierce is one of the best DNS enumeration tools I’ve ever used. It’s great for DNS servers that do not allow anonymous zone transfer as it includes dictionary-based hostname enumeration.
- A Perl script that enumerates the SSL versions and ciphers supported by an HTTPS instance.
- The best Firefox extension, hands down, for manual web application security assessments. Quick access to client-side information such as forms, cookies, images, links, JavaScript, CSS, etc.
- Quickly switch from the default Firefox user agent to any string you like. It’s good for testing certain mobile web interfaces when you’re not using a mobile simulator. It’s also good for tricking sites that “think” you need IE but work 98% with Firefox.
- FireBug is a great JavaScript debugger implemented as a Firefox extension.
- A small, simple, light-weight web server that supports SJS dynamic pages and even database connections if you need them. It’s great for quick, web-based proof-of-concept exploits. I know, I know, “Do you really want a web server running in your browser?” Well, it’s enabled/disabled with a single click and, no I don’t recommend you build your enterprise client portal site based on it.
- DirBuster is a web spider and file/directory enumerator from the fine folks at OWASP. It’s a Java utility that will run on Windows, OSX, Linux, whatever. It comes with some decent dictionaries and has a slick GUI.
- My favorite web application security assessment tool. BurpSuite Pro is not only cheap and extensible, it has the best web proxy I’ve used plus a suite of other great tools. The Scanner, when used properly, is on par with the best commercial web application scanners. The Intruder tool is an easy-to-use web fuzzer with very powerful features. Spider is a simple web spider. Repeater is a tool to manually edit and send HTTP requests and evaluate their responses. Sequencer is a quick way of grabbing session tokens and evaluating their entropy. Decoder has the common encoding/decoding/hash functions that are essential. Comparer is a tool to do a byte or word diff on two different HTTP requests or responses. Just don’t use the Spider or Scanner with the default form field values this tool ships with. You’ll see what I mean if you download it.
- This is a patch for FreeRADIUS that configures it for 802.1X wireless authentication and adds a log that spits out 802.1X usernames plus MS-CHAPv2 challenge/response pairs, which can be cracked with ASLEAP or JTR. This is a very underrated and powerful tool that, when combined with the appropriate tools and knowledge, is capable of compromising improperly configured 802.1X wireless networks.
- SSLStrip works as a forward web proxy, watching HTTP traffic and actively rewriting HTTPS:// links to HTTP://. This allows MITM tools like Ettercap to compromise SSL HTTP traffic without forging a certificate and triggering SSL certificate errors in victims’ browsers.
- DD-WRT enhances the capability of many home wireless routers by replacing their firmware with a more powerful Linux-derived OS. Added features include RADIUS/802.1X/EAP support, virtual wireless interfaces (multiple SSIDs), and much more.