📜  Kali Linux漏洞分析工具

📅  最后修改于: 2021-01-05 04:57:44             🧑  作者: Mango

漏洞分析工具

”漏洞分析工具”

Tools Description
BBQSQL It is a SQL injection exploitation tool useful when attacking tricky SQL injection vulnerabilities. It eases the triggering of hard to trigger SQL injection findings.
BED It stands for Brute-force Exploit Detector. It is a network protocol fuzzer that checks daemons for potential buffer overflow.
Cisco-auditing-tool It checks cisco routers for common vulnerabilities.
Cisco-global-exploiter It is an advanced, simple, and fast security testing tool.
Cisco-ocs It exploits Cisco devices in the given IP range.
Cisco-torch It is Cisco device scanning, fingerprinting, and exploitation tool that is used when we need to discover remote Cisco host, which is running Telnet, SSH, Web, NTP, and SNMP services and launch a dictionary attack against the service discovered.
Copy-router-config This tool is used to copy the configuration file from Cisco Devices via SNMP to the server.
Doona It is a network fuzzer extracted from Brute-force Exploit Detector.
DotDotPwn It is a fuzzer used to discover traversal directory vulnerabilities in the software of HTTP/FTP/TFTP servers
HexorBase This tool is used for administrating and auditing multiple database servers simultaneously form a centralized location, and it is used to perform SQL queries and brute-force attacks against common database servers.
jSQL InjectionThis tool is used to find database information from a distant server.
Lynis It is an open source security auditing tool used to audit and harden Unix and Linux based systems.
Nmap This utility is used for network discovery and security auditing. It uses raw IP packets in simple ways to determine what hosts are available on the network.
Ohrwurn It is an RTP fuzzer that reads SIP messages to get information about the RTP port numbers.
openvas It is a framework that offers a comprehensive and powerful vulnerability scanning and management solution.
Oscanner It is an Oracle assessment framework used for Sid Enumeration, Passwords tests, Enumerate database links, etc
Powerfuzzer It is a highly automated and fully customizable web fuzzer used for Cross Site Scripting, Injections, CRLF, and HTTP 500 statuses.
Sfuzz It is a Black Box testing utilities used to create test cases.
SidGuesser It guesses sids or instance against an Oracle database according to a predefined dictionary file.
SIPArmyKnife It is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflow, etc..
Sqlmap Sqlmap is a pen-testing tool that automates the process of detecting and exploiting of SQL injection drawbacks and taking over of database servers.
Sqlninja It is a tool to exploit SQL injection vulnerabilities on a web application. It also provides remote access to the vulnerable DB server.
Sqlsus It is a MySQL injection and takeover tool used to retrieve the database structure, injecting your own SQL queries, downloading files from the web server, crawl the website for writable directories using command line interface.
THC-IPV6 It is a set of tools to attack the inherent weakness of IPV6 and ICMP6. It converts a MAC or IPv4 address to an IPv6 address.
Tnscmd10g It is a tool to communicate with the Oracle TNS listener on port 1521/tcp on a simple level, such as sending ping commands.
Unix-privesc-check It is used to find misconfigurations that could allow local, unprivileged users to escalate privileges to other users.
Yersinia It is a framework for performing layer 2 attacks. It takes advantages of the weakness in the protocol.