Wednesday, December 01, 2010

toolsmith: SamuraiWTF



December's toolsmith covers SamuraiWTF.
I'll repeat myself as stated in the article:
SamuraiWTF rocks, plain and simple.
It’d be my 2010 Toolsmith Tool of the Year but alas, I am letting you, dear reader, make that “Tool of the Year” decision for 2010 (poll details to follow as 2010 draws to a close).

SamuraiWTF is a LiveCD Linux release designed to serve you for your web pen-testing needs. Kevin Johnson of Secure Ideas and Justin Searle of InGuardians included what they believe are the best of the open source and free tools that focus on testing and attacking websites, selections based on the tools they use as part of their job duties. SamuraiWTF includes tools useful in all four steps of a web pen-test:
Reconnaissance – Fierce domain scanner, Maltego (be sure to check out the Shodan Maltego add-on)
Mapping – WebScarab, ratproxy
Discovery – w3af and burp
Exploitation – BeEF, AJAXShell

The article walks through using SamuraiWTF for each phase, but as always, I had the most fun exemplifying exploit methodology with BeEF.
Browser zombies rule! ;-)



If you seek to learn a ton about web application security testing, or consolidate all the tools you’ll likely need on one system, SamuraiWTF is for you.
As Kevin indicated for the article, you can use SamuraiWTF as your base install, then enhance with Burp Suite Pro if you happen to be a commercial Burp user.
Stay tuned for the SamuraiWTF 1.0 release, and contribute to the project if so motivated.

Cheers.

del.icio.us | digg | Submit to Slashdot

Please support the Open Security Foundation (OSVDB)