|(9 %)||Sandcat v4.0 released|
|(7 %)||MacNikto v1.01 boosting OSX with Nikto capabilities|
|(6 %)||(update) Skipfish Active web application scanner v1.29b released|
|(5 %)||Vordel SOAPbox for analyzing Webservices Security|
|(5 %)||WhatWeb v0.4 - released|
Secure Auditor is a Unified Risk Management Solution which
enables user to perform enumeration, scanning, auditing, penetration
testing and forensics on different operational systems from single console with 30 embedded utilities Secure Auditor Version performs audit on Oracle, MSSQL, Windows and Cisco Routers, presents vulnerability specification, prioritizes risk levels, and provide step by step methods of mitigation.
sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or userâ€™s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
Webshag (the Free Web Server Audit Tool) is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug the content of your HTTPS sessions.
Sandcat allows web administrators to perform aggressive and comprehensive scans of an organizationâ€™s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities
w3af, is a Web Application Attack and Audit Framework. The w3af core and itâ€™s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much
SEAT (Search Engine Assessment Tool) is the next generation
information digging application geared toward the needs of security
professionals. SEAT uses information stored in search engine databases,
cache repositories, and other public resources to scan a site for potential
sqlmap is an open source command-line automatic SQL injection tool
developed in Python. Its goal is to detect and take advantage of SQL
injection vulnerabilities on web applications. Once it detects one or
more SQL injections on the target host, the user can choose among a
variety of options to perform an extensive back-end database
management system fingerprint, retrieve DBMS session user and
database, enumerate users, password hashes, privileges, databases,
dump entire or user’s specific DBMS tables/columns, run his own SQL
statement, read specific files on the file system and more.
FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment
The primary goal of Pantera is to combine automated capabilities with complete manual testing to get the best penetration testing results.
Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.
Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration.
SAPYTO is a SAP Penetration Testing Framework. It enables security professionals to perform security assessments of different components of SAP R/3 deployments. Presented at Blackhat Europe 2007, it was shipped with many plugins to analyze the security of the RFC interface implementation of SAP systems. The plugin-based architecture enables users to develop their own plugins, extending functionality and allowing the framework to detect new vulnerabilities.
XCobra is a web application scanner utility written in python and GTK.
SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.