3 replies to this topic

[m.rce]

ok,

I have BT4.

* I currently use w3af for web-scanning - eventually I can pair it with nmap for a more hardcore scanning. What other tools should I use for vulno-research?
* I use metasploit for crafting exploits, CANVAS costs 1K$(!). Is CANVAS good?? What other exploit platform I could use apart metasploit?
* I have a bunch of SQL Injection tools, which one you prefer/suggest me? unfortunately, it seems SQLi are the king of exploitation, today...
* Is it possible to chain proxies using JAP or TOR - that is, adding extra jumps for hardening backtracing?

Regards.

[serrath]

ok,

I have BT4.

* I currently use w3af for web-scanning - eventually I can pair it with nmap for a more hardcore scanning. What other tools should I use for vulno-research?
* I use metasploit for crafting exploits, CANVAS costs 1K$(!). Is CANVAS good?? What other exploit platform I could use apart metasploit?
* I have a bunch of SQL Injection tools, which one you prefer/suggest me? unfortunately, it seems SQLi are the king of exploitation, today...
* Is it possible to chain proxies using JAP or TOR - that is, adding extra jumps for hardening backtracing?

Regards.

BackTrack 5 comes out May 10th, I believe. It might be worthwhile to hold your horses and see what those guys include. They've got pretty good taste, and this time they're going to be cutting the junk out.

[sniper606]

Top 100 Network Security Tools.

http://sectools.org/

You might find this site useful.

[tekio]

Is CANVAS good??

Yes, canvas is awesome! But, they will not sell it anybody off the street. I had to go through a lot of hoops, including sending a written request on company letterhead, and having an email address that matches the letterhead. It would be easy to forge all that stuff though.