Rock book

As per  OWASP Testing Guide v4 , the first phase in security assessment is focused on collecting as much information as possible about a target application. Information Gathering is the most critical step of an application security test. The security test should endeavour to test as much of the code base as possible. Thus mapping all possible paths through the code to facilitate thorough testing is paramount. This task can be carried out in many different ways. By using public tools (search engines), scanners, sending simple HTTP requests, or specially crafted requests, it is possible to force the application to leak information, e.g., disclosing error messages or revealing the versions and technologies used. Below are the list of tools, are used to gather information. acccheck ace-voip Amap Automater bing-ip2hosts braa CaseFile CDPSnarf cisco-torch Cookie Cadger copy-router-config DMitry dnmap dnsenum dnsmap DNSRecon dnstracer dnswalk DotDotPwn enum4linux enumIAX exploitdb Fierce ...

SET stands for   Social Engineering Toolkit , primarily written by David Kennedy ( ReL1K ). The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test. To start SET , either you goto Applications --> Kali Linux --> Exploitation Tools --> Social Engineering Toolkit --> se-toolkit . (This command was valid till Kali Linux ver. 1.0.4, now it changed to setoolkit  in Kali Linux ver 1.0.5 and 1.0.6 ). or else, open terminal window and type se-toolkit ( for Kali Linux ver. 1.0.4 ) or setoolkit ( for Kali Linux ver. 1.0.5 and 1.0.6 ) . When you type this root terminal window, following are steps SET  perform...