Showing posts from December, 2010

toolsmith: SamuraiWTF

December's toolsmith covers SamuraiWTF.
I'll repeat myself as stated in the article:
SamuraiWTF rocks, plain and simple.
It’d be my 2010 Toolsmith Tool of the Year but alas, I am letting you, dear reader, make that “Tool of the Year” decision for 2010 (poll details to follow as 2010 draws to a close).

SamuraiWTF is a LiveCD Linux release designed for web pen-testing. Kevin Johnson of Secure Ideas and Justin Searle of InGuardians included what they believe are the best of the open source and free tools that focus on testing and attacking websites, basing their selections on the tools they use as part of their job duties. SamuraiWTF includes tools useful in all four steps of a web pen-test:
• Reconnaissance – Fierce domain scanner, Maltego (be sure to check out the Shodan Maltego add-on)
• Mapping – WebScarab, ratproxy
• Discovery – w3af and Burp
• Exploitation – BeEF, AJAXShell

The article walks through using SamuraiWTF for each phase, but as always, I had the most fun…