In our last post, we discussed the enormous potential of reconnaissance tools and their importance in the Recon phase of any penetration test. In my readings so far this week, I've come across two new (as in, new to me) tools that we should add to our toolkit.
The first tool is one that's fairly new and may be incredibly useful for internal teams, more so than for us as external pen testers. This tool, Pastenum, enumerates and searches Pastebin and pastie.org for any sensitive information an organization might have out on those services. For a closer look at it and an in-depth run-through, check out the link below.
Pastenum – Pastebin/pastie enumeration tool
The second tool we should add to our toolkit is rather similar to the WLAuthor script we talked about in our last post. It's a word list generator called L517. From taking a look at it, it's Windows-based, which may help some of our new testers stay in their comfort zone, and it's quick.
Check out L517 - WORDLIST GENERATOR below (thanks to Rob Fuller, aka Mubix, for the link):
And lastly, if you've gotten your feet wet on a couple of security evaluations or you've been reading some heavy-duty web application books and want to take a swing at your own web app hacking, then check out "BodgeIT Store" below. It's always a good idea for a pen tester to maintain a library of vulnerable applications, servers, VMs, etc. (Just ask Chris, whom I continually plague with requests like "hey, do you still have that VM of Windows XP SP 0?") Here's a chance to get a fairly easy web application to evaluate on your own:
BodgeIt Store – Vulnerable Web Application For Penetration Testing