Vulnerability Analysis Tools

Vulnerability Analysis Tools

ToolsDescription
BBQSQLIt is a SQL injection exploitation tool useful when attacking tricky SQL injection vulnerabilities. It eases the triggering of hard to trigger SQL injection findings.
BEDIt stands for Brute-force Exploit Detector. It is a network protocol fuzzer that checks daemons for potential buffer overflow.
Cisco-auditing-toolIt checks cisco routers for common vulnerabilities.
Cisco-global-exploiterIt is an advanced, simple, and fast security testing tool.
Cisco-ocsIt exploits Cisco devices in the given IP range.
Cisco-torchIt is Cisco device scanning, fingerprinting, and exploitation tool that is used when we need to discover remote Cisco host, which is running Telnet, SSH, Web, NTP, and SNMP services and launch a dictionary attack against the service discovered.
Copy-router-configThis tool is used to copy the configuration file from Cisco Devices via SNMP to the server.
DoonaIt is a network fuzzer extracted from Brute-force Exploit Detector.
DotDotPwnIt is a fuzzer used to discover traversal directory vulnerabilities in the software of HTTP/FTP/TFTP servers
HexorBaseThis tool is used for administrating and auditing multiple database servers simultaneously form a centralized location, and it is used to perform SQL queries and brute-force attacks against common database servers.
jSQLInjection This tool is used to find database information from a distant server.
LynisIt is an open source security auditing tool used to audit and harden Unix and Linux based systems.
NmapThis utility is used for network discovery and security auditing. It uses raw IP packets in simple ways to determine what hosts are available on the network.
OhrwurnIt is an RTP fuzzer that reads SIP messages to get information about the RTP port numbers.
openvasIt is a framework that offers a comprehensive and powerful vulnerability scanning and management solution.
OscannerIt is an Oracle assessment framework used for Sid Enumeration, Passwords tests, Enumerate database links, etc
PowerfuzzerIt is a highly automated and fully customizable web fuzzer used for Cross Site Scripting, Injections, CRLF, and HTTP 500 statuses.
SfuzzIt is a Black Box testing utilities used to create test cases.
SidGuesserIt guesses sids or instance against an Oracle database according to a predefined dictionary file.
SIPArmyKnifeIt is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflow, etc..
SqlmapSqlmap is a pen-testing tool that automates the process of detecting and exploiting of SQL injection drawbacks and taking over of database servers.
SqlninjaIt is a tool to exploit SQL injection vulnerabilities on a web application. It also provides remote access to the vulnerable DB server.
SqlsusIt is a MySQL injection and takeover tool used to retrieve the database structure, injecting your own SQL queries, downloading files from the web server, crawl the website for writable directories using command line interface.
THC-IPV6It is a set of tools to attack the inherent weakness of IPV6 and ICMP6. It converts a MAC or IPv4 address to an IPv6 address.
Tnscmd10gIt is a tool to communicate with the Oracle TNS listener on port 1521/tcp on a simple level, such as sending ping commands.
Unix-privesc-checkIt is used to find misconfigurations that could allow local, unprivileged users to escalate privileges to other users.
YersiniaIt is a framework for performing layer 2 attacks. It takes advantages of the weakness in the protocol.





Latest Courses