Introduction

Most of the information provided in this book up to this point has been manual, step-by-step procedures for finding vulnerabilities in Web applications and fixing them. However, many automated tools can perform nearly the same functions, at ten times the speed and a hundredth of the headache.

We've already discussed (or mentioned in passing) a few of these tools in previous chapters. In this chapter we cover some tools that we may not have covered (or covered fully) in the earlier chapters but that are important nonetheless.

Netcat, written by Hobbit the Swiss Army knife of hacking.

Whisker, written by Rain Forest Puppy (http://www.wiretrip.net/rfp) one of the first complete Web checking tools.

Brutus, written by the folks at HooBie Inc. (http://www.hoobie.net/brutus/) one of the most robust Web authentication brute forcers.

Achilles, written by Roberto Cardona (http://www.digizen-security.com) one of the first usable HTTP proxy servers to insert commands in the HTTP stream dynamically.

Cookie Pal, written by Kookaburra Software (http://www.kburra.com/) one of the best programs for monitoring the cookies being created/deleted on a system.

Teleport Pro, written by Tennyson Maxwell Information Systems, Inc. (http://www.tenmax.com) performs automated and scheduled crawling and inventorying of Web servers.