Penetration Test - Selecting_Pen_Testing_Tools(5)
Code cracking tools
Debuggers
| Tool | Notes | URL |
|---|---|---|
| OLLYDBG | Windows 32-bit | http://www.ollydbg.de/ |
| Immunity debugger | Write exploits, analyze malware, and reverse engineer binary files | https://www.immunityinc.com/products/debugger/ |
| GDB | GNU project debugger | https://www.gun.org/software/gdb/ |
| WinDBG | Windows debugger | https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools |
| IDA | Cross platform debugger | https://www.hex-rays.com/products/ida/ |
Software Assurance Tools
| Tool | Notes | URL |
|---|---|---|
| Findbugs/findsecbugs | Auditor of Java web application | https://find-sec-bugs.github.io |
| Peach | Fuzzer - automated testing | https://www.peach.tech/products/peach-fuzzer/ |
| AFL | American Fuzzy Lop - fuzzer | https://lcamtuf.coredump.cx/afl/ |
| SonarQube | Continuous inspection - automated testing | https://www.sonarqube.org/ |
| YASCA | Yet Another Source Code Analyzer | https://github.com/scovetta/yasca |
QUICK REVIEW
- Debuggers are advanced tools and can reveal how a program works.
- Debuggers can also allow testers to modify data as the program is running
- Software assurance tools can help to identify vulnerabilities in applications
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
