The Samurai Web Testing Framework

by Black on May 18, 2009 · 0 comments


We have written about a similar livecd aimed at web application penetration testing, the OWASP Livecd. The Samurai Web Testing Framework is a similar livecd. It is at version 0.6, which was released on 16th May 2009.

The Samurai Web Testing Framework is focused on web application testing. It is a web penetration testing live CD built on open source software. With the latest release, InGuardians (the livecd's creators) have added a VM image. It will also work in any version of VMware Fusion. It has a lot of tools built in. We will mention some so that you know how the livecd is assembled for an optimum web app pentest. For reconnaissance, we have tools such as the Fierce domain scanner and Maltego. For mapping, we have tools such as WebScarab and ratproxy. For discovery, we have w3af and burp. For exploitation, the final stage, we have BeEF and AJAXShell. There are a lot more tools than the ones mentioned above. They are:

  • Burp Suite, a web application attacking tool
  • DirBuster, an application file and directory enumeration and brute forcing tool from OWASP
  • Fierce Domain Scanner, a target enumeration utility
  • Gooscan, an automated Google querying tool that is useful for finding CGI vulnerabilities without scanning the target directly, but rather querying Google’s caches
  • Grendel-Scan, just released, an open source web application vulnerability testing tool
  • HTTP_Print, a web server fingerprinting tool
  • Maltego CE, an open source intelligence and forensics application that does data mining to find information from the internet and link it together (great for background research on a target).
  • Nikto, an open source web server scanner
  • Paros, one of my favorites, a Java-based, cross-platform web application auditing and proxy tool
  • Rat Proxy, a semi-automated, passive web application security audit tool.
  • Spike Proxy, an extensible web application analyzer and vulnerability scanner.
  • SQLBrute, a SQL injection and brute forcing tool.
  • w3af (and the GUI), a web application attack and audit framework.
  • Wapiti, a web application security auditor and vulnerability scanner
  • WebScarab, an HTTP application auditing tool from OWASP
  • WebShag, a web server auditing tool
  • ZenMap, an Nmap graphical front end

Additionally, Samurai includes several command-line utilities, such as:

  • dnswalk, a DNS query and zone transfer tool
  • httping, a ping like utility for HTTP requests
  • httrack, a website copying utility.
  • John the Ripper, a password cracking program
  • netcat, a TCP/IP swiss army knife
  • nmap, a port scanner and OS detection tool
  • siege, an HTTP stress tester and benchmarking tool.
  • snarf, a lightweight URL fetching utility

and many others. You also have Wine pre-installed.


Download this livecd from here.
