Page History
...
Tool | Notes | Link(s) | |
---|---|---|---|
Virtual Machine Validation Workstation | Due to the small chance that a report will contain malicious a proof-of-concept or Trojan horse, recovery and containment may be easier if analysts use virtual machines for validation workstations. | TODO LINK TO VMWARE, KVM, VirtualBox, etc. | https://www.linux-kvm.org/page/Main_Page (or any other virtualization tool) |
Web Browsers | Analysts should have access to Internet Explorer, Firefox, Chrome, and Edge with any necessary enterprise certificate authorities installed.TODO LINK TO BROWSER DOWNLOADS | Internet Explorer https://www.microsoft.com/en-us/download/internet-explorer.aspx Firefox https://www.mozilla.org/en-US/firefox/ Chrome https://www.google.com/chrome/ Edge | |
Burp Suite | Requires Java JRE. | https://portswigger.net/burp/ | |
OWASP ZAP | Requires Java JRE. | https://github.com/zaproxy/zaproxy/wiki/Downloads | |
Firefox Add-ons | There are several Firefox add-ons which can aid in validating reports. | Web Developer Add-on Firebug Proxy Switcher Tamper Data RESTClient Cookies Manager+ | |
cURL | Command-line interaction with HTTP/HTTPS services. | https://curl.haxx.se/ | |
sqlmap | Requires Python 2.7. | http://sqlmap.org/ | |
Metasploit Framework | https://www.rapid7.com/products/metasploit/download/ | ||
testssl.sh | Requires Linux platform. |
...