Wireshark is a one among the top sniffing tools used by any network / security analysts. Here are to great videos on the tips and tricks of using Wireshark
Tutorial #1
Tutorial #2
Checkout the original training document here
Backtrack 5 R3 is available for download
Backtrack developers had released a new version of the backtrack penetration testing live CD / VMware version yesterday.
This version adds a number of tools in addition to the bugfixes, several of which were released in BlackHat and Defcon 2012.
A whole new tool category was populated . .Physical Exploitation., which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection. Backtrack shall be used for penetration testing and ethical hacking only.
Primos SQL Injection tool
Primos is web application security testing tool which is capable of performing discovery and exploiting the SQL injection vulnerabilities.
This works with MS SQL Server only and can enumerate databases, tables and data in a very easy to use GUI. It appears to be very fast from a scanning perspective. It requires all requests to be processed as GET requests and might need the use of a proxy to achieve this.
A demo video is available to Primos site.
Download Link: http://www.priamos-project.com/versions.htm
Warning: The tool is identified as Trojan by McAfee Security so use this at your own risk.
Disclaimer: You should only use PRIAMOS or any other tool reviewed here to test the security vulnerabilities of your own web applications.
SQL Injection Tool.The Mole
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.
Features
- Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
- Command line interface. Different commands trigger different actions.
- Auto-completion for commands, command arguments and database, table and columns names.
- Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
- Exploits SQL Injections through GET/POST/Cookie parameters.
- Developed in python 3.
- Exploits SQL Injections that return binary data.
- Powerful command interpreter to simplify its usage.
The detailed documentation is available http://themole.nasel.com.ar/?q=tutorial
Disclaimer: Usage of The Mole for attacking web servers without mutual consent can be considered as an illegal activity. It is the final user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.
10 Vulnerable web applications for security testing
In this post I am listing a set of vulnerable web applications publicly made available for the purpose of security testing and training.
-
Google Gruyere for Web Application Exploits and Defences: A Python application with lots of bugs deliberately setup for web application security training. This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.). Specifically, you’ll learn the following:
-
SPI Dynamics (live): This is primarily setup for showcasing the capabilities of WebInspect web application security scanner. The application simulates a vulnerable online banking Web Application. The platform is ASP
-
Testfire (live): Testfire is an ASP.Net based online banking application for web application security testing. It is setup primarily to demonstrate the capabilities of WatchFire, now IBM, web application security products.
-
Acunetix: Acunetix provides a set of web application security products and they have setup three test sites for performing web application security testing. Acunetix PHP, Acunetix ASP & Acunetix ASPX are the three sites which is used for demonstrating the web application security tools capabilities of Acunetix products.
-
Crack me Bank / Cenzic: Another vulnerable online Banking application for web application security testing. It is a PHP based live script running on a webserver.
-
Foundstone SASS tools: Foundstone, a McAfee company, has a range of tools for web application security. For web application security testing, Hacme Bank, Hacme Casino, Hacme Shopping etc are some of the interesting tools which can be downloaded and installed on your local machine. These tools provide good insights about secure software development as well as secure coding
-
OWASP WebGoat: OWASP is a leader in providing public information about the web application security process. OWASP has a number of streams and products to enhance the Web Application Security posture of any organization. The resources at OWASP provides a great amount of knowledge for any web application security enthusiast.
-
OWASP SiteGenerator: OWASP SiteGenerator allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) covering .Net languages and web development architectures (for example, navigation: Html, Javascript, Flash, Java, etc…).
-
Stanford SecuriBench: It is an old application based on J2EE, however, still kept active for anyone who are interested to test this out. It should be considered that many of the attack vectors would have been already changed and/fixed. SecuriBench Micro is a series of small test cases designed to exercise different parts of a static security analyser. Each test case in Securibench Micro comes with an answer, which simplifies the comparison process.
-
BadStore: Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Badstore demonstration software is designed to show you common hacking techniques
How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
These are demo tools and should not be made part of the production systems. Use all these tools at your own risk 
Hope this list of web applications will help you or your team build web application security capabilities.
Burp Tools for Web Application Security
Web Application Security testing is a specialized process in security testing and Burp Suite of tools provides a set of tools which work together to support the end to end security testing process. It allows a security tester from initial mapping and analysis of an application’s attack surface through to finding and exploiting security vulnerabilities
Burp Suite supports both manual and automated security testing. The key components within the Burp Suite includes the following:
- An intercepting proxy, which lets you inspect and modify traffic between your browser and the target application.
- An application-aware spider, for crawling content and functionality.
- An advanced web application scanner, for automating the detection of numerous types of vulnerability.
- An intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
- A repeater tool, for manipulating and resending individual requests.
- A sequencer tool, for testing the randomness of session tokens.
- The ability to save your work and resume working later.
- Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
Try it yourself to how the tool is shaped up in performing the web application security testing.
To download Burp Suite click here. It comes in two versions, one free and the other one commercial. Choose the version based on your Web Application Security testing needs
Cyber Security Evaluation Tool (CSET)
The Cyber Security Evaluation Tool (CSET) provides users with a systematic and repeatable approach for assessing the cyber security posture of their industrial control system networks. This tool also includes both high-level and detailed questions applicable to all industrial control systems (ICS). CSET was developed under the direction of the Department of Homeland Security (DHS) Control Systems Security Program (CSSP).
What is it?
The CSET is a desktop software tool that enables users to assess their network and ICS security practices against recognized industry and government standards, guidelines, and practices. The completed CSET assessment provides a prioritized list of recommendations for increasing the cyber security posture of an organization.s ICS or enterprise network and identifies what is needed to achieve the desired level of security within the specific standard(s) selected.
Download it from here
Seccubus Vulnerability Scanner
Seccubus is an automated vulnerability scanner with some extra features. One is that the periodic vulnerability assessment capability of the tool. Seccubus was created in order to more effectively analyse the results of regular scans of the same infrastructure by efficiently interpreting results.
How does it work?
Seccubus runs scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The results of this comparison are available in a web GUI
Findings have and can be tagged with one of the following statuses:
New
Finding was detected for the first time
Open
Finding was previously detected and has not been altered by the user
Changed
Flinging has changed since it was last detected. This status remains until it is changed by the user
No Issue
The finding does not pose any security risk and will remain this status until it changes. If the finding changes it will be marked as changed.
Gone
The finding had been found in a previous run, but has done been fixed in this run.
Fixed
The finding has been fixed and should not reappear. If this finding reappears it will be marked as changed.
Hard Masked
The finding is bogus and will not leave this status unless the user changes it.
Because the number of reported findings from Seccubus, especially on the second or later run, is much smaller then the number of findings of a regular scan, there will be much less time involved in the analysis of subsequent runs.