I noticed that Tom has done a list of the most common tools he used on a pentest. I want to follow up on this and do one for web application testing since this is more my background.
So the tools I will use in every web application tests are:
I tend to use firefox as my main testing browser this is because it had lots of plugins that make life easy and also does not have a built in feature like xss filtering like chrome. I then use Google chrome as another web browser that allows me to search and use the internet without having any of the search results show up in burpsuit or any other tools.
Burpsuit is the main tool I use, simply put it’s the best one to use. It has loads of features and if you have the pro version you can sometimes identify low hanging fruit. It allows you to scan the site, intercept requests and modify paramaters. You can use tampa data to modify requests but burpsuit has many more features that really does make life easier.
The next tool is sqlmap. I use this then when I need it, mainly if I identify an sql injection point. This allows me to easy dump the database without knowing every sql statement off by heart.
Hoppy and Nikto I tend to run after each other to try and gather more information about the web application. Hoppy is a fansatic little tool written in python and is a http options prober which checks the availability of http methods as well as probing them to see if they can be forced to disclose system information. Nikto again tries to identify directories and other information about the web applications. On many occasions it has helped me to find webdav directories which allows me to upload contents to the site.
Last but not least sslscan, this is great to determine the ciphers that are supported on a website. It identifes if it’s using sslv1 or sslv2 as well as if it is using encryption equal too or greater than 128b.
So what do you think am I missing? Anything you would add to the list? Most of the tools are free apart from burpsuit but you can get a free version of that too.