LiveCDs
AOC Labrat (AOC_Labrat-ALPHA-0010.iso) - www.packetfocus/hackos/
DVL (Damn Vulnerable Linux) - /


Test sites / testing grounds
SPI Dynamics (live) - zero.webappsecurity/
Cenzic (live) - ic/
Watchfire (live) - stfire/
Acunetix (live) - testphp.acunetix/ testasp.acunetix testaspnet.acunetix
WebMaven / Buggy Bank - www.mavensecurity/webmaven
Foundstone SASS tools - www.foundstone/us/resources-free-tools.asp
Updated HacmeBank - www.o2-ounceopen/technical-info/2008/12/8/updated-version-of-hacmebank.html
OWASP WebGoat - /index.php/OWASP_WebGoat_Project
OWASP SiteGenerator - /index.php/Owasp_SiteGenerator
Stanford SecuriBench - suif.stanford.edu/~livshits/securibench/
SecuriBench Micro - suif.stanford.edu/~livshits/work/securibench-micro/


HTTP proxying / editing
WebScarab - /index.php/Category:OWASP_WebScarab_Project
Burp - www.portswigger/
Paros - /
Fiddler - www.fiddlertool/
Web Proxy Editor - www.microsoft/mspress/companion/0-7356-2187-X/
Pantera - /index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
Suru - www.sensepost/research/suru/
httpedit (curses-based) - utralbit/en/rd/httpedit/
Charles - www.xk72/charles/
Odysseus - www.bindshell/tools/odysseus
Burp, Paros, and WebScarab for Mac OS X - saire/downloads/
Web-application scanning tool from "Network Security Tools" (O'Reilly) - illy/networkst/
JS Commander - /
Ratproxy - le/p/ratproxy/


RSnake's XSS cheat sheet-based tools, webapp fuzzing, and encoding tools
Wfuzz - www.edge-security/wfuzz.php
ProxMon - www.isecpartners/proxmon.html
Wapiti - wapiti.sourceforge/
Grabber - rgaucher.info/beta/grabber/
XSSScan - /scanners/XSSscan.py
CAL9000 - /index.php/Category:OWASP_CAL9000_Project
HTMangLe - www.fishnetsecurity/Tools/HTMangLe/publish.htm
JBroFuzz - sourceforge/projects/jbrofuzz
XSSFuzz - /blog/20060921/xssfuzz-released/
WhiteAcid's XSS Assistant - /greasemonkey/
Overlong UTF - www.microsoft/mspress/companion/0-7356-2187-X/
[TGZ] MielieTool (SensePost Research) - /UNIX/utilities/
RegFuzzer: test your regular expression filter - rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter
screamingCobra - www.dachb0den/projects/screamingcobra.html
SPIKE and SPIKE Proxy - immunitysec/resources-freesoftware.shtml
RFuzz - /
WebFuzz - debreakers-journal/index.php?option=com_content&task=view&id=112&Itemid=99999999
TestMaker - www.pushtotest/Docs/downloads/features.html
ASP Auditor - /projects/asp-auditor-v2/
WSTool - wstool.sourceforge/
Web Hack Control Center (WHCC) - ussysadmin/whcc/
Web Text Converter - www.microsoft/mspress/companion/0-7356-2187-X/
HackBar (Firefox Add-on) - /firefox/3899/
Net-Force Tools (NF-Tools, Firefox Add-on) - www-force.nl/library/downloads/
PostIntercepter (Greasemonkey script) - /scripts/show/743


HTTP general testing / fingerprinting
Wbox: HTTP testing tool - /wbox/
ht://Check - htcheck.sourceforge/
Mumsie - www.lurhq/tools/mumsie.html
WebInject - /
Torture.pl Home Page - /~lstein/torture/
JoeDog's Siege - /JoeDog/Siege/
OPEN-LABS: metoscan (http method testing) - /
Load-balancing detector - ge.mine.nu/lbd.html
HMAP - ujeni.murkyroc/hmap/
Net-Square: httprint - net-square/httprint/
Wpoison: http stress testing - wpoison.sourceforge/
Net-square: MSNPawn - net-square/msnpawn/index.shtml
hcraft: HTTP Vuln Request Crafter - /projects/hcraft/
rfp.labs: LibWhisker - www.wiretrip/rfp/lw.asp
Nikto - www.cirt/code/nikto.shtml
twill - /
DirBuster - /index.php/Category:OWASP_DirBuster_Project
[ZIP] DFF Scanner - security-net.biz/files/dff/DFF.zip
[ZIP] The Elza project - /web/elza-1.4.7-beta.zip /elza.html
HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled - sf/projects/hackfox


Browser-based HTTP tampering / editing / replaying
TamperIE - www.bayden/Other/
isr-form - www.infobyte.ar/developments.html
Modify Headers (Firefox Add-on) - /
Tamper Data (Firefox Add-on) - /
UrlParams (Firefox Add-on) - /en-US/firefox/addon/1290/
TestGen4Web (Firefox Add-on) - /en-US/firefox/addon/1385/
DOM Inspector / Inspect This (Firefox Add-on) - /en-US/firefox/addon/1806/ /en-US/firefox/addon/1913/
LiveHTTPHeaders / Header Monitor (Firefox Add-on) - / /en-US/firefox/addon/575/


Cookie editing / poisoning
[TGZ] stompy: session id tool - /
Add'N Edit Cookies (AnEC, Firefox Add-on) - /
CookieCuller (Firefox Add-on) - /
CookiePie (Firefox Add-on) - ktra/oss/firefox/extensions/cookiepie/
CookieSpy - deproject/shell/cookiespy.asp
Cookies Explorer - www.dutchduck/Features/Cookies.aspx


Ajax and XHR scanning
Sahi - in/
scRUBYt - /
jQuery - jquery/
jquery-include - /projects/jquery-include
Sprajax - www.denimgroup/sprajax.html
Watir - /
Watij - watij/
Watin - watin.sourceforge/
RBNarcissus - uk/2005/rbnarcissus/
SpiderTest (Spider Fuzz plugin) - blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
Javascript Inline Debugger (jasildbg) - lepages/
Firebug Lite - firebug/lite.html
FireWatir - le/p/firewatir/


RSS extensions and caching
LiveLines (Firefox Add-on) - /en-US/firefox/addon/324/
rss-cache - www.dubfire/chris/projects/rss-cache/


SQL injection scanning
: home of Absinthe, Mezcal, etc - /releases.php
SQLiX - /index.php/Category:OWASP_SQLiX_Project
sqlninja: a SQL Server injection and takeover tool - sqlninja.sourceforge/
JustinClarke's SQL Brute - www.justinclarke/archives/2006/03/sqlbrute.html
BobCat - uk/projects/bobcat/bobcat.html
sqlmap - sqlmap.sourceforge/
Scully: SQL Server DB Front-End and Brute-Forcer - www.sensepost/research/scully/
FG-Injector - www.flowgate/?lang=en&seccion=herramientas
PRIAMOS - www.priamos-project/


Web application security malware, backdoors, and evil code
W3AF: Web Application Attack and Audit Framework - w3af.sourceforge/
Jikto - busin3ss.name/jikto-in-the-wild/
XSS Shell - ferruh.mavituna/article/?1338
XSS-Proxy - xss-proxy.sourceforge
AttackAPI - /projects/attackapi/
FFsniFF - azurit.elbiahosting.sk/ffsniff/
HoneyBlog's web-based junkyard - /junkyard/web-based/
BeEF - www.bindshell/tools/beef/
Firefox Extension Scanner (FEX) - /projects/fex/
What is my IP address? - reglos.de/myaddress/
xRumer: blogspam automation tool - www.botmaster/movies/XFull.htm
SpyJax - hantos/makebeta/tools/spyjax/
Greasecarnaval - /projects/greasecarnaval
Technika - /projects/technika/
Load-AttackAPI bookmarklet - /projects/load-attackapi-bookmarklet
MD's Projects: JS port scanner, pinger, backdoors, etc - /my-projects/


Web application services that aid in web application security assessment
Netcraft - wwwcraft
AboutURL - www.abouturl/
The Scrutinizer - www.scrutinizethis/
lkit - clez/
ServerSniff - www.serversniff/
Online Microsoft script decoder - agic/security/tools/decoder/
Webmaster-Toolkit - www.webmaster-toolkit/
myIPNeighbors, et al - digg/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
PHP charset encoding - h4k.in/encoding
data: URL testcases - h4k.in/dataurl


Browser-based security fuzzing / checking
Zalewski's MangleMe - /i
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - metasploit/users/hdm/tools/
Peach Fuzzer Framework - peachfuzz.sourceforge/
TagBruteForcer - /html/tools/RT20060801-3.html
PROTOS Test-Suite: c05-http-reply - ulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
COMRaider - labs.idefense
bcheck - bcheck.scanit.be/bcheck/
Stop-Phishing: Projects page - www.indiana.edu/~phishing/?projects
LinkScanner - plabs/linkscanner/default.asp
BrowserCheck - uk/services/browsercheck/
Cross-browser Exploit Tests - www.jungsonnstudios/cool.php
Stealing information using DNS pinning demo - www.jumperz/index.php?i=2&a=1&b=7
Javascript Website Login Checker - /weird/javascript-website-login-checker.html
Mozilla Activex - www.iol.ie/~locka/mozilla/mozilla.htm
Jungsonn's Black Dragon Project - blackdragon.jungsonnstudios/
Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - /mr-t/
Vulnerable Adobe Plugin Detection For UXSS PoC - www.0x000000/?i=324
About Flash: is your flash up-to-date? - www.macromedia/software/flash/about/
Test your installation of Java software - java/en/download/installed.jsp?detect=jre&try=1
WebPageFingerprint - Light-weight Greasemonkey Fuzzer - /scripts/show/30285


PHP static analysis and file inclusion scanning
: Static analysis for PHP - /PHP/
Unl0ck Research Team: tool for searching Google for include bugs - unl0ck/tools.php
FIS: File Inclusion Scanner - /index.php?cat_id=3&cont_id=25
PHPSecAudit - developer.spikesource/projects/phpsecaudit


PHP Defensive Tools
PHPInfoSec - Check phpinfo configuration for security - /projects/phpsecinfo/

A Greasemonkey Replacement can be found at yehg/lab/#asemonkey
Php-Brute-Force-Attack Detector - Detects your web servers being scanned by brute-force tools such as WFuzz and OWASP DirBuster, and by vulnerability scanners such as Nessus, Nikto, Acunetix, etc. - yehg/lab/pr0js/files.php/php_brute_force_detect.zip
PHP-Login-Info-Checker - Strictly enforces that admins/users select stronger passwords. It tests passwords against 4 rules. It also has a built-in smoke test page via the URL loginfo_checker.php?testlic - yehg/lab/pr0js/files.php/loginfo_checkerv0.1.zip yehg/lab/pr0js/files.php/phploginfo_checker_demo.zip
php-DDOS-Shield - A script to deter unsophisticated distributed bots, which stop their flooding attacks once they see an HTTP 503 status code - le/p/ddos-shield/
PHPMySpamFIGHTER - yehg/lab/pr0js/files.php/phpmyspamfighter.zip yehg/lab/pr0js/files.php/phpMySpamFighter_demo.rar


Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources
APIDS on Wikipedia - /wiki/APIDS
PHP Intrusion Detection System (PHP-IDS) - / le/p/phpids/
dotnetids - le/p/dotnetids/
Secure Science InterScout - www.securescience/home/newsandevents/news/interscout1.0.html
Remo: whitelist rule editor for mod_security - remonea/
GotRoot: ModSecurity rules - t/tiki-index.php?page=mod_security+rules
The Web Security Gateway (WSGW) - wsgw.sourceforge/
mod_security rules generator - noeljackson/tools/modsecurity/
Mod_Anti_Tamper - www.wisec.it/projects.php?id=3
[TGZ] Automatic Rules Generation for Mod_Security - www.wisec.it/rdr.php?fn=/
AQTRONIX WebKnight - www.aqtronix/?PageID=99
Akismet: blog spam defense - akismet/
Samoa: Formal tools for securing web services - research.microsoft/projects/samoa/


Web services enumeration / scanning / fuzzing
WebServiceStudio2.0 - deplex/WebserviceStudio
Net-square: wsChess - net-square/wschess/index.shtml
WSFuzzer - /index.php/Category:OWASP_WSFuzzer_Project
SIFT: web method search tool - www.sift.au/73/171/sift-web-method-search-tool.htm
iSecPartners: WSMap, WSBang, etc - www.isecpartners/tools.html


Web application non-specific static source-code analysis
Pixy: a static analysis tool for detecting XSS vulnerabilities - www.seclab.tuwien.ac.at/projects/pixy/
Brixoft.Net: Source Edit - www.brixoft/prodinfo.asp?id=1
Security compass web application auditing tools (SWAAT) - /index.php/Category:OWASP_SWAAT_Project
An even more complete list here - u.edu/~aldrich/courses/654/tools/
A nice list that claims some demos available - u.edu/~aldrich/courses/413/tools.html
A smaller, but also good list - spinroot/static/
Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. /


Static analysis for C/C++ (CGI, ISAPI, etc) in web applications
RATS - www.securesoftware/resources/download_rats.html
ITS4 - www.cigital/its4/
FlawFinder - www.dwheeler/flawfinder/
Splint - /
Uno - spinroot/uno/
BOON (Buffer Overrun detectiON) - www.cs.berkeley.edu/~daw/boon/ boon.sourceforge
Valgrind - /


Java static analysis, security frameworks, and web application security tools
LAPSE - suif.stanford.edu/~livshits/work/lapse/
HDIV Struts - /
Orizon - sourceforge/projects/orizon/
FindBugs: Find bugs in Java programs - findbugs.sourceforge/
PMD - pmd.sourceforge/
CUTE: A Concolic Unit Testing Engine for C and Java - osl.cs.uiuc.edu/~ksen/cute/
EMMA - emma.sourceforge/
JLint - jlint.sourceforge/
Java PathFinder - javapathfinder.sourceforge/
Fujaba: Move between UML and Java source code - wwwcs.uni-paderborn.de/cs/fujaba/
Checkstyle - checkstyle.sourceforge/
Cookie Revolver Security Framework - sourceforge/projects/cookie-revolver
tinapoc - sourceforge/projects/tinapoc
jarsigner - java.sun/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
Solex - solex.sourceforge/
Java Explorer - metal.hurlant/jexplore/
HTTPClient - www.innovation.ch/java/HTTPClient/
another HttpClient - /commons/httpclient/
a list of code coverage and analysis tools for Java - mythinkpond.blogspot/2007/06/java-foss-freeopen-source-software.html


Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET
Visual Studio 2008 Code Analysis, available in:
  VSTS 2008 Development Edition - msdn.microsoft/vsts2008/products/bb933752.aspx
  VSTS 2008 Team Suite - msdn.microsoft/vsts2008/products/bb933735.aspx
Visual Studio 2005 Code Analyzer, available in:
  Visual Studio 2005 Team Edition for Software Developers - msdn.microsoft/en-us/vstudio/aa718806.aspx
  Visual Studio 2005 Team Suite - msdn.microsoft/en-us/vstudio/aa718806.aspx
Web Development Helper - www.nikhilk/Project.WebDevHelper.aspx
FxCop:
  (blog) blogs.msdn/fxcop/
  (download) code.msdn.microsoft/codeanalysis
Microsoft internal tools you can't have yet:
  www.microsoft/windows/cse/pa_projects.mspx
  research.microsoft/Pex/
  /images/5/5b/OWASP_IL_7_FuzzGuru.pdf

Threat modeling
Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - www.microsoft/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
Amenaza: Attack Tree Modeling (SecurITree) - www.amenaza/software.php
Octotrike - /


Add-ons for Firefox that help with general web application security
Web Developer Toolbar - /firefox/60/
Plain Old Webserver (POW) - /firefox/3002/
XML Developer Toolbar - /firefox/2897/
Public Fox - /firefox/3911/
XForms Buddy - beaufour.dk/index.php?sec=misc&pagename=xforms
MR Tech Local Install - h/extensions/local_install/
Nightly Tester Tools - uk/~dave/web/firefox/buildid/index.html
IE Tab - /firefox/1419/
User-Agent Switcher - /firefox/59/
ServerSwitcher - /firefox/2409/
HeaderMonitor - /firefox/575/
RefControl - /firefox/953/
refspoof - /firefox/667/
No-Referrer - /firefox/1999/
LocationBar^2 - /firefox/4014/
SpiderZilla - /
Slogger - /en-US/firefox/addon/143
Fire Encrypter - /firefox/3208/


Add-ons for Firefox that help with Javascript and Ajax web application security
Selenium IDE - /selenium-ide/
Firebug - www.joehewitt/software/firebug/
Venkman - /projects/venkman/
Chickenfoot - groups.csail.mit.edu/uid/chickenfoot/
Greasemonkey - asespot/
Greasemonkey compiler - www.letitblog/greasemonkey-compiler/
User script compiler - arantius/misc/greasemonkey/script-compiler
Extension Developer's Extension (Firefox Add-on) - /code/mozilla/extensiondev/
Smart Middle Click (Firefox Add-on) - /en-US/firefox/addon/3885/


Bookmarklets that aid in web application security
RSnake's security bookmarklets - /bookmarklets.html
BMlets - optools.awardspace/bmlet.html
Huge list of bookmarklets - www.squarefree/bookmarklets/
Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - www.blummy/
Bookmarklets every blogger should have - www.micropersuasion/2005/10/bookmarklets_ev.html
Flat Bookmark Editing (Firefox Add-on) - n01se/chouser/proj/mozhack/
OpenBook and Update Bookmark (Firefox Add-ons) - www.chuonthis/extensions/


SSL certificate checking / scanning
[ZIP] THCSSLCheck - /root/tools/THCSSLCheck.zip
[ZIP] Foundstone SSLDigger - www.foundstone/us/resources/termsofuse.asp?file=ssldigger.zip
Cert Viewer Plus (Firefox Add-on) - /firefox/1964/


Honeyclients, Web Application, and Web Proxy honeypots
Honeyclient Project: an open-source honeyclient - /trac/
HoneyC: the low-interaction honeyclient - honeyc.sourceforge/
Capture: a high-interaction honeyclient - capture-hpc.sourceforge/
Google Hack Honeypot - ghh.sourceforge/
PHP.Hop - PHP Honeynet Project - /phphop/
SpyBye - /~provos/spybye/
Honeytokens - www.securityfocus/infocus/1713


Blackhat SEO and maybe some whitehat SEO
SearchStatus (Firefox Add-on) - www.quirk.biz/searchstatus/
SEO for Firefox (Firefox Add-on) - tools.seobook/firefox/seo-for-firefox.html
SEOQuake (Firefox Add-on) - www.seoquake/


Footprinting for web application security
Evolution - www.paterva/evolution-e.html
GooSweep - wsecurity/projects/goosweep/
Aura: Google API Utility Tools - www.sensepost/research/aura/
Edge-Security tools - www.edge-security/soft.php
Fierce Domain Scanner - /fierce/
Googlegath - /perl/googlegath/
Advanced Dork (Firefox Add-on) - /firefox/2144/
Passive Cache (Firefox Add-on) - /firefox/977/
CacheOut! (Firefox Add-on) - /en-US/firefox/addon/1453/
BugMeNot Extension (Firefox Add-on) - roachfiend/archives/2005/02/07/bugmenot/
TrashMail Extension (Firefox Add-on) - /en-US/firefox/addon/1813/
DiggiDig (Firefox Add-on) - /en-US/firefox/addon/2819/
Digger (Firefox Add-on) - /en-US/firefox/addon/1467/


Database security assessment
Scuba by Imperva Database Vulnerability Scanner - www.imperva/scuba/


Browser Defenses
DieHard - /
LocalRodeo (Firefox Add-on) - databasement/labs/localrodeo/
NoMoXSS - www.seclab.tuwien.ac.at/projects/jstaint/
Request Rodeo - /projects/requestrodeo
FlashBlock (Firefox Add-on) - /
CookieSafe (Firefox Add-on) - /en-US/firefox/addon/2497
NoScript (Firefox Add-on) - script/
FormFox (Firefox Add-on) - /en-US/firefox/addon/1579/
Adblock (Firefox Add-on) - /
httpOnly in Firefox (Firefox Add-on) - /archives/40-httpOnly-Cookies-in-Firefox-2.0.html
SafeCache (Firefox Add-on) - www.safecache/
SafeHistory (Firefox Add-on) - www.safehistory/
PrefBar (Firefox Add-on) - /
All-in-One Sidebar (Firefox Add-on) - /en-US/firefox/addon/1027/
 web file checker (Firefox Add-on) - /firefox/4115/
Update Notified (Firefox Add-on) - /en-US/firefox/addon/2098/
FireKeeper - /
Greasemonkey: XSS Malware Script Detector - yehg/lab/#asemonkey


Browser Privacy
TrackMeNot (Firefox Add-on) - /firefox/3173/
Privacy Bird - www.privacybird/


Application and protocol fuzzing (random instead of targeted)
Sulley - /
taof: The Art of Fuzzing - sourceforge/projects/taof/
zzuf: multipurpose fuzzer - /zzuf/
autodafé: an act of software torture - autodafe.sourceforge/
EFS and GPF: Evolutionary Fuzzing System - www.appliedsec/resources.html
