Tools and Techniques For VAPT

The document summarizes various open source and commercial tools that can be used for penetration testing and vulnerability assessments. It provides the name, short description and link for more information on tools like Nmap, Nessus, Wireshark, Metasploit Framework, Nikto, Hydra, Paros Proxy, Dsniff, Kali Linux, Burpsuite, and others. These tools can be used to discover vulnerabilities, exploit systems, sniff network traffic, crack passwords, and more.

Uploaded by muzeeb123
Copyright © All Rights Reserved

1 TOOLS AND TECHNIQUES WE USE

1.1.1 OPEN SOURCE OR COMMERCIAL TOOLS

“Common Security Vulnerabilities in E-commerce Systems”

Description: This article discusses typical security issues with many e-commerce systems that we
have come across during our various penetration testing assignments. It also discusses the tools
that we have used to discover such vulnerabilities.
More Information: http://www.securityfocus.com/infocus/1768

Nmap
Description:
Nmap ("Network Mapper") is a free and open source utility for network exploration or
security auditing. Many systems and network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and monitoring host or service uptime.
More Information: http://nmap.org/

Nessus
Description:
Nessus is a free, comprehensive vulnerability scanner. Its goal is to detect potential
vulnerabilities on the tested systems. For example:
Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
Misconfigurations (e.g. open mail relay, missing patches, etc.).
Default passwords, a few common passwords, and blank/absent passwords on some system
accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
Denials of service against the TCP/IP stack by using mangled packets.

More Information: http://www.nessus.org/

Wireshark
Description:
Wireshark (previously known as Ethereal) is a fantastic open source network protocol analyzer for
Unix and Windows. It allows you to examine data from a live network or from a capture file on disk.
More Information: http://www.wireshark.org/

Netcat
Description:
This simple utility reads and writes data across TCP or UDP network connections.
More Information: http://www.vulnwatch.org/netcat/

Metasploit Framework
Description:
The Metasploit Framework is a development platform for creating security tools and exploits. The
framework consists of tools, libraries, modules, and user interfaces. The basic function of the
framework is a module launcher, allowing the user to configure an exploit module and launch it at
a target system. If the exploit succeeds, the payload is executed on the target and the user is
provided with a shell to interact with the payload.
More Information: http://www.metasploit.com/

HPing
Description:
This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays
any replies. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a
firewall that blocks attempts using the standard utilities.
More Information: http://www.hping.org/

Cain and Abel
Description:
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of
various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary,
Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, recovering wireless network keys, revealing password boxes, uncovering cached
passwords and analyzing routing protocols.
More Information: http://www.oxid.it/cain.html

Nikto
Description:
Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web
servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over
625 servers, and version specific problems on over 230 servers.
More Information: http://www.cirt.net/code/nikto.shtml

THC Hydra
Description:
A fast network authentication cracker which supports many different services.
When you need to brute-force a remote authentication service, Hydra is often the tool of
choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp,
http, https, smb, several databases, and much more.
More Information: http://www.thc.org/thc-hydra/

Paros Proxy
Description:
A Java based web proxy for assessing web application vulnerability. It supports editing/viewing
HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web
traffic recorder, web spider, hash calculator, and a scanner for testing common web application
attacks such as SQL injection and cross-site scripting.
More Information: http://www.parosproxy.org/

Dsniff
Description:
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf,
msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail,
files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally
unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active
monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings
in ad-hoc PKI.
More Information: http://www.monkey.org/~dugsong/dsniff/

THC Amap
Description:
Amap is a great tool for determining what application is listening on a given port. Its database
isn't as large as what Nmap uses for its version detection feature, but it is worth trying for a second
opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files.
More Information: http://www.thc.org/thc-amap/

SuperScan
Description:
SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes
a variety of additional networking tools such as ping, traceroute, http head, and whois.
More Information: http://www.foundstone.com/resources/proddesc/superscan.htm

Kali Linux
Description:
An innovative live Linux distribution for penetration testing: an advanced Linux distribution
used for penetration testing, ethical hacking and network security assessments.
More Information: https://www.kali.org/

WebScarab
Description:
A framework for analyzing applications that communicate using the HTTP and HTTPS protocols. In
its simplest form, WebScarab records the conversations (requests and responses) that it observes,
and allows the operator to review them in various ways. WebScarab is designed to be a tool for
anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the
developer to debug otherwise difficult problems, or to allow a security specialist to identify
vulnerabilities in the way that the application has been designed or implemented.
More Information: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

Pwdump
Description:
Pwdump can extract NTLM and LanMan hashes from a Windows target, regardless of whether
Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs
the data in L0phtcrack-compatible form, and can write to an output file.
More Information: http://www.foofus.net/fizzgig/pwdump/

Firewalk
Description:
Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway
ACL filters and map networks. This classic tool was rewritten from scratch in October 2002. Note
that much or all of this functionality can also be performed by the Hping2 --traceroute option.
More Information: http://www.packetfactory.net/projects/firewalk/

Angry IP Scanner
Description:
Angry IP Scanner can perform basic host discovery and port scans on Windows. Its binary file size is
very small compared to other scanners and other pieces of information about the target hosts can
be extended with a few plug-ins.
More Information: http://www.angryziber.com/ipscan/

Ike-Scan
Description:
Ike-scan exploits transport characteristics in the Internet Key Exchange (IKE) service, the mechanism
used by VPNs to establish a connection between a server and a remote client. It scans IP addresses
for VPN servers by sending a specially crafted IKE packet to each host within a network.
More Information: http://www.nta-monitor.com/tools/ike-scan/

Ike-Probe
Description:
IKEProbe can be used to determine vulnerabilities in the PSK implementation of the VPN server. It
tries out various combinations of ciphers, hashes and Diffie-Hellman groups and attempts to force
the remote server into aggressive mode.
More Information: http://www.securityfocus.com/infocus/1821

IkeCrack
Description:
IKECrack is an open source IKE/IPSec authentication cracking tool. This tool is designed to brute-force
or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication. The open
source version of this tool is to demonstrate proof-of-concept, and will work with RFC 2409 based
aggressive mode PSK authentication.
More Information: http://ikecrack.sourceforge.net/

Fport
Description:
Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what
application opened each port. So, it can be used to quickly identify unknown open ports and their
associated applications.
More Information: http://www.foundstone.com/knowledge/proddesc/fport.html

Burpsuite
Description:
Burp Suite allows an attacker to combine manual and automated techniques to enumerate, analyze,
attack and exploit web applications.
More Information: http://portswigger.net/suite/

Brutus
Description:
A Windows-only network brute-force authentication cracker that bangs against network services
of remote systems trying to guess passwords by using a dictionary and permutations thereof. It
supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more.
More Information: http://www.hoobie.net/brutus/

FPing
Description:
fping is a ping(1)-like program which uses the Internet Control Message Protocol (ICMP) echo
request to determine if a host is up. fping differs from ping in that you can specify any number
of hosts on the command line, or specify a file containing the list of hosts to ping.
More Information: http://www.fping.com/

Wikto
Description:
Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto
but adds various interesting pieces of functionality, such as a back-end miner and close Google
integration. Wikto is written for the MS .NET environment and registration is required to download
the binary and/or source code.
More Information: http://www.sensepost.com/research/wikto/

HTTrack
Description:
HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to
download a World Wide Web site from the Internet to a local directory, building recursively all
directories, getting HTML, images, and other files from the server to your computer.
More Information: http://www.httrack.com/