Page 191 - Hands-On Bug Hunting for Penetration Testers
Other Tools Chapter 11
A Quick Overview of Other Options - Nikto, Kali, Burp Extensions, and More
There's such a profusion of tools in security that it can be difficult to know what's worth
testing for your own workflow. This section includes short descriptions of different types of
tools, categorized by the function they serve the pentester.
Scanners
There are many options for scanners that specialize in gathering or testing a wide range of
vulnerability-related information. The few we've used in this work represent just a small
portion of the overall market. Here are a few options; some are command line-only while
others have both a CLI and a GUI, though all offer at least some degree of CLI control, and
all are free.
Nikto
Nikto is an established scanner known for its server fingerprinting capabilities. Beyond that,
though, it's a good general choice for scanning for OWASP Top 10 vulnerabilities.
Zed Attack Proxy
The Zed Attack Proxy (ZAP) is a proxy and scanner created by OWASP, the non-profit
organization dedicated to web application vulnerability research. ZAP is often held up as
the free analog to the scanner included in Burp Suite Pro versions.
w3af
w3af is an open source, Python-powered scanner that features both an interactive CLI shell
and a GUI dashboard. w3af started out as the brainchild of Andres Riancho in 2006 and in
subsequent years has grown to include thousands of public contributors from across the
world.

