I have seen People ask How to hack website without any basic knowledge about hacking. You should know how hacks work - If you want to hack anything in this world you have to find out their weakness and then try to exploit them. Web site security is very important because the website contain relevant information about a company and now a days website defacement is very common even a script kiddies and a new born hackers can do this. The most common vulnerability like SQL-Injection and cross site scripting lead towards the defacement. So you want to secure your web application than find vulnerabilities on it before a hacker find it.
Below are Top tools for finding vulnerabilities :
1. W3AF - w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. This cross-platform tool is available in all of the popular operating systems such as Microsoft Windows, Linux, Mac OS X, FreeBSD and OpenBSD and is written in the Python programming language. Users have the choice between a graphic user interface and a command-line interface. w3af identifies most web application vulnerabilities using more than 130 plug-ins. After identification, vulnerabilities like (blind) SQL injections, OS commanding, remote file inclusions (PHP), cross-site scripting (XSS), and unsafe file uploads, can be exploited in order to gain different types of access to the remote system.
How to use w3af
2. Vega - Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. It is available on Kali Linux and Backtrack.
How to use Vega
3. Nikto - Nikto is one of the most popular web security application when you are beginning a web pentesting project. Nikto is a web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. This is available on the famous Linux distribution like Kali Linux, Backtrack, Gnacktrack, Backbox and others.
How to use Nikto
4. Zed Attack Proxy (ZAP) - OWASP or Open Web Application Security Project is a non profit organisation world wide that are focusing on improving the security of web application. The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has an automatic scanning functionality and it has a set of tools that allow you to find vulnerability manually.
5. Skipfish - Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Like it ? Share it.