In this post, we are gonna look on Pen-test friendly browser and how effective we can make our penetration test with and without the automated tools. so below are some newbie tips that’ll get you started. Do the study of penetration testing execution standard from http://www.pentest-standard.org for complete seven steps of PTES, intelligence gathering to reporting. The Metasploit and Nmap book by Gordon Fyodor will guide you on infrastructure penetration testing from port scanning to web server scanning.
Let’s call it a term pentooling, If you are reliant only upon below automated tools or frameworks then you’ll point just as a scanner guy.
- Netsparker etc.
No doubt that tools make the operations easier but if you’ll get the idea of “How that automated works” it’ll worth it. Vulnerabilities listed for the Opensource application projects like OWASP or WASC can be easily assessed with the above tools.
Let’s look on the basic toolset of windows to perform the penetration test of the website. Proper browser and assessment tools make the test easier. The best browser by far good for the penetration is MANTRA browser by OWASP. It is cross platform so it’s available on all three major operating system like linux, windows, OS X. You can download both portable and executable version from http://www.getmantra.com/.Below is a detailed snap of the browser with the extension box. Most of the extensions are covered in this browser like cookie manager,DOM inspector, FireSSH, HTTPFox, HTTPRequester, In built XSS Scanner and XSSMe for XSS vulnerability, Greasemonkey, Fexif tool, Referer,user agents spoofing which might help in text injection or content spoofing in the HTTP Request, Selenium IDE, SQLInject me for SQL injection, SQLite manager for database forensics. The best thing is the inbuilt bookmark manager of the browser called ‘Hackery’ which includes thousands of links and blog reference of all sections like OSINT, Exploitation, cheat sheets CTFs link, Malware analysis and much more.