This page shows the differences between the selected revision and the current version of the page.
outils_web [2019/07/04 00:09] M0N5T3R |
outils_web [2019/10/22 12:18] (current version) M0N5T3R |
||
---|---|---|---|
Ligne 2: | Ligne 2: | ||
===== Reconnaissance & Mapping ===== | ===== Reconnaissance & Mapping ===== | ||
+ | |||
+ | |||
+ | === webtech === | ||
+ | * Identify technologies used on websites. | ||
+ | * https://github.com/ShielderSec/webtech | ||
+ | |||
=== Burp Suite === | === Burp Suite === | ||
Ligne 82: | Ligne 88: | ||
===== Découverte ===== | ===== Découverte ===== | ||
+ | |||
+ | |||
+ | |||
+ | === ACSTIS === | ||
+ | * Automatedclient-side template injection (sandboxescape/bypass)detection for AngularJS. | ||
+ | |||
=== Burp Suite === | === Burp Suite === | ||
* Voir la définition de Burp Suite dans la section Reconnaissance & Mapping. | * Voir la définition de Burp Suite dans la section Reconnaissance & Mapping. | ||
+ | |||
+ | === cms-explorer === | ||
+ | * Revealthe specific modules,plugins,components and themes that various websites powered by content management systems are running. | ||
=== Flare === | === Flare === | ||
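Review bot: Both new descriptions have words run together: "Automatedclient-side" and "(sandboxescape/bypass)detection" in the ACSTIS bullet, "Revealthe" and "modules,plugins,components" in the cms-explorer bullet. Restore the spaces, add a project link bullet under each entry as the webtech entry does, and keep a blank line between the cms-explorer bullet and "=== Flare ===".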
Ligne 100: | Ligne 115: | ||
* https://www.owasp.org/index.php/JBroFuzz | * https://www.owasp.org/index.php/JBroFuzz | ||
+ | |||
+ | |||
+ | |||
+ | === joomscan === | ||
+ | * Joomla vulnerability scanner. | ||
+ | |||
=== ProxyStrike === | === ProxyStrike === | ||
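Review bot: The joomscan entry has a description but no project link, unlike the JBroFuzz entry directly above it. Add the link as a second bullet; the three blank lines added before the heading could be reduced to one.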
Ligne 115: | Ligne 136: | ||
* http://sqlmap.org/ | * http://sqlmap.org/ | ||
+ | |||
+ | |||
+ | |||
+ | === SQLmate === | ||
+ | * Afriend of sqlmap that identifies sqli vulnerabilities based on a given dork and website | ||
=== w3af === | === w3af === | ||
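Review bot: In the SQLmate bullet "Afriend" is missing a space, and the entry runs straight into "=== w3af ===" with no blank line. Fix the spacing and add the project link as a second bullet, as the sqlmap entry above does.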
Ligne 140: | Ligne 166: | ||
===== Exploitation ===== | ===== Exploitation ===== | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | === Commix === | ||
+ | * [comm]and [i]njection e[x]ploiter) est pour réaliser des attquies d'injection de commande | ||
+ | * https://github.com/commixproject/commix | ||
+ | |||
=== Durzosploit === | === Durzosploit === | ||
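Review bot: The Commix description has an unmatched closing parenthesis after "e[x]ploiter" and the typo "attquies" (for "attaques"). Open the parenthesis before "[comm]and" or drop it, and correct the spelling.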
Ligne 160: | Ligne 194: | ||
* N/A | * N/A | ||
+ | |||
+ | |||
+ | |||
+ | === Netsparker Application Security Scanner === | ||
+ | * Application security scanner to automatically find security flaws | ||
=== SQLBrute === | === SQLBrute === | ||
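Review bot: The Netsparker entry has no link bullet and no blank line before "=== SQLBrute ===". Add the product link as a second bullet, or a "* N/A" bullet like the one on the preceding entry if none is intended, and separate the entry from the next heading.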
Ligne 193: | Ligne 232: | ||
=== arachni === | === arachni === | ||
* Pour détecter des XSS | * Pour détecter des XSS | ||
+ | |||
+ | |||
+ | === SecApps === | ||
+ | * In-browserweb application security testing suite. | ||
+ | |||
+ | |||
+ | === w3af === | ||
+ | * Webapplication attack and audit framework. | ||
+ | |||
+ | === Wapiti === | ||
+ | * Blackbox web application vulnerability scanner with built-in fuzzer. | ||
=== WAScan === | === WAScan === | ||
* Web Application Scanner | * Web Application Scanner | ||
+ | |||
+ | === WPScan === | ||
+ | * Blackbox WordPress vulnerability scanner. | ||
+ | |||
=== ImmuniWeb Self-Fuzzer Addon for Firefox === | === ImmuniWeb Self-Fuzzer Addon for Firefox === | ||
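Review bot: The "=== w3af ===" heading added here duplicates an entry that already exists earlier on the page (it appears as context in the Ligne 115 / Ligne 136 hunk). The page handles repeated tools with a cross-reference, as in "Voir la définition de Burp Suite dans la section Reconnaissance & Mapping"; use the same form here. Also split "In-browserweb" and "Webapplication", and add a blank line between the Wapiti bullet and "=== WAScan ===".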
Ligne 206: | Ligne 260: | ||
* Voir la définition de Zed Attack Proxy dans la section Reconnaissance & Mapping | * Voir la définition de Zed Attack Proxy dans la section Reconnaissance & Mapping | ||
+ | === Zoom === | ||
+ | * Powerfulwordpress username enumerator with infinite scanning. | ||
===== Méthodologies ===== | ===== Méthodologies ===== |
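Review bot: The Zoom block is inserted with no blank line after the Zed Attack Proxy bullet and none before "===== Méthodologies =====", so it runs into the next section heading. Add the separators, split "Powerfulwordpress", and add a project link bullet.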