Tuesday, April 19, 2011

More Recon Tools and A New Vulnerable Web App!

In our last post, we discussed the enormous potential of reconnaissance tools and their importance in the Recon phase of any penetration test. In my readings so far this week, I've come across two new (as in, new to me) tools that we should add to our toolkit.
The first tool is one that's fairly new and may be incredibly useful for internal teams, more than us, as an external pen tester. This tool, Pastenum, enumerates and searches pastebin and pastie.org for any sensitive information an organization might have out on those services. For a closer look at it and an in-depth run through, check out the link below.

Pastenum – Pastebin/pastie enumeration tool

The second tool we should add to our toolkit is rather similar to the WLAuthor script we talked about in our last post. It's a word list generator called L517. From taking a look at it, it's Windows-based, which may help some of our new testers stay in their comfort zone and it's quick.

Check out L517 - WORDLIST GENERATOR below (thanks to Rob Fuller, aka Mubix for the link):

And lastly, if you've gotten your feet wet on a couple of security evaluations or you've been reading some heavy-duty web application books and want to take a swing at your own web app hacking, then check out "BodgeIT Store" below. It's always a good idea for a pen tester to maintain a library of vulnerable applications, servers, vms, etc. (Just ask Chris, whom I continually plague with requests like "hey, do you still have that VM of Windows XP SP 0?") Here's a chance to get a fairly easy web application to evaluate on your own:

BodgeIt Store – Vulnerable Web Application For Penetration Testing



    Am Mark Oscar,I want to testify about Jack Robert blank ATM cards which can withdraw money from any ATM machines around the world. I was very poor before and have no hope then I saw so many testimony about how Jack Robert send them the ATM blank card and use it to collect money in any ATM machine and become rich. I also email him and he sent me the blank card. I have use it to get 70,000 dollars. withdraw the maximum of $5,000 daily. Jack Robert is giving out the card just to help the poor. Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email Him on how to get it now via: blankatmhaker@gmail.com or call/Text on +1(406) 350-4986

  2. If you need to boost your credit score permanently, hack your spouse or employees' cell remotely, I would suggest you visit the contact info below:

    Email: finessehackers1@gmail.com
    Website: finessehackers.com

    They were very helpful in boosting my score and this gave me access to a mortgage, they're highly recommendable.