methodology,checklists, tools, vulnerable webapps
et aussi http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/
nmap tn3270, cics, nje ...
PwnWiki.io is a collection TTPs (tools, tactics, and procedures) for what to do after access has been gained.
Tools by PWN Wiki team https://github.com/pwnwiki
rdp-sec-check is a Perl script to enumerate security settings of an RDP Service (AKA Terminal Services)
again, thanks to Laszlo :)
AMES is a tool to parse the new Nessus output files and autogenerate an easy to copy and paste command line exploit using Metasploit CLI.
Thanks Laszlo for the link
encore une VM pour s'entrainer
une solution, pas à pas http://resources.infosecinstitute.com/drunk-admin-web-hacking-challenge/
Hackersh ("Hacker Shell") is a free and open source (license) shell (command interpreter) written in Python with Pythonect-like syntax, builtin security commands, and out of the box wrappers for various security tools. It is like Unix pipeline, but for processing security information and metadata rather than bytes.
https://discussions.nessus.org/servlet/JiveServlet/download/4615-1194/Nessus_Question.doc
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/Tenable_Web_App_Scanning_0.pdf
http://www.tenable.com/sites/drupal.dmz.tenablesecurity.com/files/uploads/documents/whitepapers/Using%20Nessus%20in%20Web%20Application%20Vulnerability%20Assessments.pdf
https://www.owasp.org/images/4/4f/Web_Application_Vul_Testing_with_Nessus_2012.02.01.pdf
Playgrounds For Your Web App Assessments
• Virtual Machines
– DVL (Damn Vulnerable Linux) • http://www.damnvulnerablelinux.org/
– Moth • http://www.bonsai-sec.com/en/research/moth.php
- metasploitable http://sourceforge.net/projects/metasploitable/ https://community.rapid7.com/docs/DOC-1875
- OWASP BWA https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
- LAMPsecurity http://sourceforge.net/projects/lampsecurity/ - http://www.madirish.net/
• Stand-alone Applications
– Stanford SecuriBench • http://suif.stanford.edu/~livshits/securibench/
– WebGoat • http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
– Mutillidae • http://www.irongeek.com/i.php?page=security/mutillidae-deliberatelyvulnerable-php-owasp-top-10&mode=print
• Remote Sites
– Acunetix: • http://testphp.acunetix.com/ - Vulnhub: https://www.vulnhub.com/ donkeydocker et plein de VM et autres ressources
• Scanning Multiple Apache VirtualHosts With Nessus – http://blog.tenablesecurity.com/2009/05/scanning-multiple-virtual-hosts-withnessus.html
• Tips For Using Nessus In Web Application Testing – http://blog.tenablesecurity.com/2009/04/tips-for-using-nessus-in-web-applicationtesting.html
• Auditing PHP Settings to OWASP Recommendations with Nessus
– http://blog.tenablesecurity.com/2009/03/auditing-php-settings-to-owasprecommendations-with-nessus.html
• Detecting Base64 Encoded Authentication Requests
– http://blog.tenablesecurity.com/2009/03/detecting-base64-encoded-authenticationrequests.html
http://lab.lonerunners.net/blog/virtual-host-and-dns-names-enumeration-techniques et hostmap réécrit en ruby https://github.com/jekil/hostmap