Open source tools for Application Vulnerability Assessment


#1

To start learning vulnerability assessment I may require a few tools. Could anyone suggest all the tools which you use and which are required for application security analysis?


#2

That really depends on the type of application you will be attacking, and in most situations you will have several tools that you use across a couple of different genres.

The only ones that I am familiar with and current on are OpenVAS, which is probably the most in-depth assessment platform I have used, and Nikto, which is a web application and web server scanner.

I haven’t used these a bunch, but I could see how they might be useful in a pentesting environment.


#3

Thanks for sharing your opinion. I have used Nessus Home Edition; though it serves the purpose, I’d like to know if there is any new tool on the market. And yes, OpenVAS is really a good product.

Let me put it this way:

What tools do you use for web application security assessment?

What tools do you use for binary analysis?

What tools do you use when you are going to test applications hosted in the cloud?

Do these questions make any sense?


#4

Oh I see, I misunderstood the question, but the answer really is the same. It depends.

There are so many different tools out there that work for so many different workflows. A good way to go is to not look at hacking as the tools that accomplish any given task. You are the security expert, and when you run into a problem you will either go looking for a specific tool for a specific problem, or you will write one.

I would say, which you have probably heard before, go install Kali. Play with the tools that sound interesting. Go do wargames, go download Metasploitable and beat the shit out of that for a while. You will find that the tools just kind of come to you out of necessity.


#5

I was expecting a list of all the available tools so I don’t need to search elsewhere. Just a tool name and link should suffice; later we can make another resource for tools. I am just trying to consolidate all the tools which we know (not every tool, but the ones which you use often).

Apologies if I failed to explain my question clearly


#6

I just think that is unrealistic. For example, there are hundreds if not more tools in the pentesting distros, as well as thousands in the archstrike repos, and they all have a purpose.


#7

Are they widely used? Though we have several thousand tools, there are a few tools which we definitely need, like Nmap, Burp Suite, sqlmap, etc.


#8

I like to think of it more from a flowchart perspective.

If I don’t have my target, the tools I start with are more recon stuff to try and gather as many attack surfaces as possible: public whois data, subdomain scanners, a few other nifty tricks… Maybe even some automation tools that just run the same scans over and over and alert me if there is a change. (huginn is great.)

If I have a target, I usually start with nmap and nikto. Depending on the results, my next step changes.
Mostly it is about knowing where to press and not pressing where you are just going to waste your time.
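The "run the same scans over and over and alert me if there is a change" idea from the post above, as an added example that is not the poster's own code or anything from nmap: it parses two runs of nmap's grepable output (`-oG`, whose port entries are `port/state/protocol/owner/service/rpc info/version/`) and reports hosts and open ports that appeared, disappeared or changed service banner. The two scan outputs and the addresses in them are constructed samples, not real scan data.

```python
"""Detect changes between two nmap grepable (-oG) scans.

Added example for the 'rerun the same scan and alert on change' workflow
described in the post; not code from the poster or from nmap. The scan
texts below are constructed samples in nmap's grepable format; hosts,
addresses and services are invented.
"""
import re

# Constructed sample: yesterday's scan of a small test range.
OLD_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG old.gnmap 192.0.2.0/29
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 443/open/tcp//https//nginx/\tIgnored State: closed (998)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http//Apache httpd/\tIgnored State: closed (999)
# Nmap done
"""

# Constructed sample: today's scan. One host vanished, one appeared,
# and 192.0.2.10 now exposes an extra service on 8080.
NEW_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG new.gnmap 192.0.2.0/29
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 443/open/tcp//https//nginx/, 8080/open/tcp//http-proxy//Jetty/\tIgnored State: closed (997)
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (999)
# Nmap done
"""

# "Host: <addr> (<name>)<TAB><rest>" -- the shape of every grepable host line.
HOST_RE = re.compile(r"^Host: (\S+) \([^)]*\)\t(.*)$")


def parse_grepable(text):
    """Return {host: {(port, proto): description}} holding open ports only.

    A host that appears only with a 'Status:' line is kept with an empty
    port map so that it still counts as seen.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything unexpected
        host, rest = m.groups()
        entry = hosts.setdefault(host, {})
        if not rest.startswith("Ports: "):
            continue
        ports = rest[len("Ports: "):].split("\t", 1)[0]
        for item in ports.split(", "):
            fields = item.split("/")
            if len(fields) < 7:
                continue  # malformed entry: skip it rather than crash mid-run
            port, state, proto, service, version = (
                fields[0], fields[1], fields[2], fields[4], fields[6])
            if state != "open":
                continue
            desc = f"{service} ({version})" if version else service
            entry[(int(port), proto)] = desc
    return hosts


def diff_scans(old, new):
    """Compare two parsed scans; return lists of human-readable changes."""
    changes = {"new_hosts": [], "gone_hosts": [], "opened": [],
               "closed": [], "service_changed": []}
    for host in sorted(set(old) | set(new)):
        if host not in old:
            changes["new_hosts"].append(host)
        if host not in new:
            changes["gone_hosts"].append(host)
        o, n = old.get(host, {}), new.get(host, {})
        for key in sorted(set(o) | set(n)):
            label = f"{host}:{key[0]}/{key[1]}"
            if key not in o:
                changes["opened"].append(f"{label} {n[key]}")
            elif key not in n:
                changes["closed"].append(f"{label} {o[key]}")
            elif o[key] != n[key]:
                changes["service_changed"].append(
                    f"{label} {o[key]!r} -> {n[key]!r}")
    return changes


def has_changes(changes):
    return any(changes.values())


def format_alert(changes):
    """One line per change, tagged with its kind, ready for a notifier."""
    return "\n".join(f"[{kind}] {item}"
                     for kind, items in changes.items() for item in items)


if __name__ == "__main__":
    result = diff_scans(parse_grepable(OLD_SCAN), parse_grepable(NEW_SCAN))
    if has_changes(result):
        print(format_alert(result))
```

In a real setup the two inputs would be the previous and current `-oG` files written by a scheduled `nmap -sV -oG` run, and the alert text would go to whatever notifier you already use; only the diff logic is shown here.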


#9

GitHub is a GREAT resource. I was trying to find another one specifically for what you wanted (since I know it exists), but I could not find it. Perhaps this will suffice:

Here is another one I found by just Googling “GitHub Vulnerability Scanner List”: