Tools

John the Ripper

password cracker tool

OphCrack

for most password with a known hashing scheme its the best tool to use (better than John the Ripper). its a rainbiw table based password cracker that looks up the hashes using a precomouted database of likely passwords

GPG

encryption tool

MD5sum

tool for creating md5 hashes

Qualys

Qualys vulnersbility scanner that can help to build an asset map. is a more recently developed commercial network Vulnerability scanner that offers a unique deployment model using a software as a service (SaaS) management console to run scans

Tenable Nessus

well known and widely respected network Vulnerability scanning product that was one of the earliest products in this field

Rapid7 Nexpose

is another commercial Vulnerability management system that offers capabilities similar to Nessus and Qualys

OpenVAS

its an open source Vulnerability scanners that offers a free alternative to commercial scanning tools

Nikto

popular web application scanning tools. it is an open source tool that is freely available for anyone to use. it uses command-line interface and is somewhat difficult to use

Aranchi

open source web application scanning tool available for Windows, macOS and Linux operating systems

Acunetix

commercial web application scanner

Metasploit

otwarte narzędzie służące do testów penetracyjnych i łamania zabezpieczeń systemów teleinformatycznych.

Tool-Assisted reviews

1. Atlassian's Crucible collaborative code reviesw tool 2. Codacy's static code review tool 3. Phabricators Differential code review tool

Blind content based SQL injection attack

blind SQL injection is when an attacker sends the query and doesnt have the ability to view results directly. The the attacker sends input to the web applicationcthat test wether the app is interpretjnf injected code before attemoting to carry out attack

OpenStego

It simply requires that you specify a text file containung your secret message and an image file that you wish to use to hide the message

Tripwire

a file integrity monitoring tool with both commercial and open source versions