I want to collect data (.pcap file) for HTTP based and FTP based attacks. It will be helpful if some names from metasploit list will be suggested.
What type of attacks? Against the protocol? or against an application?
Metasploit has a command line instance (MSFpayload) that has auxiliary modules. Look for "Scanner HTTP Auxiliary Modules" from the MSFpayload.
There you will find some basic scans such as "authentication (basic) brute force", file enumeration, webdav bypass, etc. That will help you to have some attack traces (again very basic).
If you want to proceed with a more sophisticated approach you may want to use a scanner that are oriented towards web applications. (i.e. webinspect) and allows you to have manual attacks. One very good option at a good price will be BURP from Portswigger (or free if you don't want the scanner). The annual license is very low.
You can create your own input validation attacks, cookie manipulation to alter the security of the session, etc. The paid version also has multiple scans that you can use to have traces of malicious activities.
Hope this will help.
- Badges
- Science topic
- Similar topics
- Geoscience
- Cartography
- Mapping