Page 192 - Hands-On Bug Hunting for Penetration Testers
Other Tools Chapter 11
nmap and python-nmap
Most of this book has revolved around testing web applications within the context of their
browser-based attack surface: form fields, unsecured endpoints, and things you can
generally view within a browser or browser extension.
But if you're looking to do more network analysis, such as checking for open ports, probing
firewalls, and looking for connections beyond standard HTTP/TCP, nmap is a popular
weapon of choice and an industry standard.
python-nmap is exactly what it sounds like: a Python-based port of the software. This can be
extremely useful if you'd like to hack on nmap. Whether you're adding checks to the
existing port discovery of nmap or grafting on layers of custom alert logic, the python-nmap
package is a great starting point that frees you from re-implementing the bread-and-butter
features of standard nmap functionality.
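As an added example (not from the book or the python-nmap project), here is the kind of custom alert logic the paragraph describes, layered on the per-host result dictionary that python-nmap exposes. The hostname, baseline and sample scan result are constructed so the alerting runs offline; the live scan path assumes the python-nmap package and an nmap binary are installed.

```python
"""Alert on open ports that deviate from a per-host baseline (added example)."""
from typing import Dict, List, Set

# Constructed sample in the shape python-nmap returns for one host:
# nm[host]['tcp'][port] -> {'state', 'name', 'product', 'version', ...}
SAMPLE_HOST_RESULT = {
    "tcp": {
        22: {"state": "open", "name": "ssh", "product": "OpenSSH", "version": "7.4"},
        80: {"state": "open", "name": "http", "product": "nginx", "version": "1.18.0"},
        443: {"state": "open", "name": "https", "product": "nginx", "version": "1.18.0"},
        3306: {"state": "open", "name": "mysql", "product": "MySQL", "version": ""},
        8080: {"state": "closed", "name": "http-proxy", "product": "", "version": ""},
    }
}

# Constructed baseline: ports each host is expected to expose (hostname is hypothetical).
BASELINE: Dict[str, Set[int]] = {"web-01": {22, 80, 443}}


def open_tcp_ports(host_result: dict) -> Set[int]:
    """Return the TCP ports python-nmap reports as 'open' for one host."""
    return {port for port, info in host_result.get("tcp", {}).items()
            if info.get("state") == "open"}


def unexpected_ports(hostname: str, host_result: dict) -> List[dict]:
    """Build one alert per open port that is not in the host's baseline."""
    allowed = BASELINE.get(hostname, set())  # unknown host: everything open alerts
    alerts = []
    for port in sorted(open_tcp_ports(host_result) - allowed):
        info = host_result["tcp"][port]
        banner = f"{info.get('product', '')} {info.get('version', '')}".strip()
        alerts.append({"host": hostname, "port": port,
                       "service": info.get("name", ""), "banner": banner})
    return alerts


def scan_and_alert(hostname: str, target: str, ports: str = "1-1024") -> List[dict]:
    """Live path: let python-nmap run nmap, then apply the same alert logic."""
    import nmap  # python-nmap; imported lazily so the offline demo needs no nmap
    nm = nmap.PortScanner()
    nm.scan(hosts=target, ports=ports, arguments="-sV")
    alerts: List[dict] = []
    for host in nm.all_hosts():  # nmap reports resolved addresses here
        alerts.extend(unexpected_ports(hostname, nm[host]))
    return alerts


if __name__ == "__main__":
    for a in unexpected_ports("web-01", SAMPLE_HOST_RESULT):
        print(f"ALERT {a['host']}:{a['port']} {a['service']} {a['banner']}")
```

Running the module as-is reports only port 3306 on web-01; swapping the sample for `scan_and_alert("web-01", "<target>")` applies the same check to a real scan.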
Aircrack-ng
Aircrack-ng is another network scanning tool that's become almost a standard for Wi-Fi
cracking and packet capture. As before, though we didn't cover general network analysis
that much in this book, there's a great suite of tools for anyone looking to get started.
And critically, unlike something such as social engineering, which is an element of
pentesting we specifically did not cover since it's so often out-of-bounds for most programs,
companies will reward researchers for pointing out holes in their network.
Wireshark
Continuing with network scanners, Wireshark is another battle-tested network analysis
program, with deep packet inspection and other low-level data capture functionality that
can be crucial for understanding an app's cryptographic security posture. If you develop a
greater emphasis on network-level security issues, Wireshark should be on your radar, if
not a part of your toolset.
SpiderFoot
SpiderFoot (http://www.spiderfoot.net) is a scanner that specializes in Open Source
Intelligence (OSINT), combing through social media networks, DNS records, and other
publicly available information to assemble a picture of the target application's attack
surface and possible vulnerabilities.