CATEGORY : Attack

Latest addition – Sunday 1 August 2010.




MOST POPULAR

(10 %) : Netsparker Final Beta (v0.9.9.9935) - Web App Security Scanner

(6 %) : SpiderLabs Toolset for Pentesting

(6 %) : Bruter v1.0 - parallel network login brute-forcer

(5 %) : Damn Vulnerable Web App (Live CD) v1.0.6 - released

(5 %) : SSHatter v1.0 - Password brute forcer for SSH


ALL ARTICLES (by date)

DAVTest v1.0 - WebDAV Application
Saturday 1 May 2010 - 422 read - ( Keywords : Attack , DAVTest , Exploitation , Penetration testing & Ethical Hacking )

DAVTest tests WebDAV-enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.


Fuzzdb v1.07 released
Thursday 29 April 2010 - 538 read - ( Keywords : Attack , Bruteforcers , Fuzzdb , Fuzzers )

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.


Bruter v1.0 - parallel network login brute-forcer
Monday 26 April 2010 - 981 read - ( Keywords : Attack , Bruteforcers , Bruter , Password Cracking )

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.


Fuzzdb updated to v1.06
Sunday 25 April 2010 - 304 read - ( Keywords : Attack , Bruteforcers , Fuzzdb , Fuzzers )

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.


fuzzdb v1.05 - Attack and Discovery Pattern Database
Monday 19 April 2010 - 512 read - ( Keywords : Attack , Bruteforcers , Fuzzdb , Fuzzers )

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.


Windows Autopwn (winAUTOPWN) v2.2 released
Monday 12 April 2010 - 1042 read - ( Keywords : Attack , Exploitation , Framework , winAUTOPWN )

winAUTOPWN is an automatic (hacking) shell-gaining tool. It can also be used to test IDS, IPS and other monitoring sensors and software.


PyLoris Denial of Service Web Testing v3.0 in the wild
Thursday 8 April 2010 - 580 read - ( Keywords : Attack , Configurations checks , PyLoris )

PyLoris is a tool for testing a web server’s vulnerability to a particular class of Denial of Service (DoS) attacks. It uses the Slowloris method: by tying up all available connections, it prevents the web server from completing valid requests.


Vicnum v1.4 released
Monday 29 March 2010 - 308 read - ( Keywords : Attack , Exploitation , Framework , Vicnum )

A lightweight, flexible vulnerable web application written in Perl and PHP. It demonstrates common web application vulnerabilities such as cross-site scripting and session management issues.


Social-Engineering Ninja v0.1 Beta - PHP scripts
Thursday 11 March 2010 - 1650 read - ( Keywords : Attack , S-E Ninja , Stupidity )

S-E Ninja is a social engineering tool with fake pages for 20-25 popular sites and an anonymous mailer that uses the mail() function in PHP.


SpiderLabs Toolset for Pentesting
Sunday 7 March 2010 - 1332 read - ( Keywords : Attack , Exploitation , Network Discovery , Penetration testing & Ethical Hacking )

SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation.


WebRaider v0.2.3.8 - One Click Ownage
Monday 1 March 2010 - 759 read - ( Keywords : Attack , Exploitation , Penetration testing & Ethical Hacking , WebRaider )

WebRaider is a plugin-based automated web application exploitation tool that focuses on getting a shell from multiple targets or injection points.


Windows Autopwn (winAUTOPWN) v2.1 released
Sunday 28 February 2010 - 1134 read - ( Keywords : Attack , Exploitation , Framework , winAUTOPWN )

winAUTOPWN is an automatic (hacking) shell-gaining tool. It can also be used to test IDS, IPS and other monitoring sensors and software.


No More and 1=1 v0.3 - repository of SQLi/XSS
Wednesday 24 February 2010 - 770 read - ( Keywords : Attack , Exploitation , Local auditing , No More and 1=1 )

In order to minimize the time required to type malicious syntax and to have a handy repository of it, we wrote this small tool, which we call No More and 1=1.


Damn Vulnerable Web App (Live CD) v1.0.6 - released
Wednesday 24 February 2010 - 1149 read - ( Keywords : Attack , DVWA , Exploitation , Framework )

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.


Nsploit - Popping boxes with Nmap
Tuesday 23 February 2010 - 884 read - ( Keywords : Attack , Exploitation , Nsploit , Penetration testing & Ethical Hacking )

Nsploit allows you to pass from Nmap through to Metasploit and then execute an exploit.


NetReconn v1.76 released
Friday 12 February 2010 - 470 read - ( Keywords : Attack , Connectivity , Data Sniffer , NetReconn )

A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder.


NetReconn v1.75 released
Tuesday 19 January 2010 - 564 read - ( Keywords : Attack , Connectivity , Data Sniffer , NetReconn )

A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder.


SSHatter v1.0 - Password brute forcer for SSH
Wednesday 16 December 2009 - 776 read - ( Keywords : Attack , Bruteforcers , SSHatter )

Password brute forcer for SSH.


Eclipse HTTP Client (HTTP4e) v2.0 available
Saturday 28 November 2009 - 620 read - ( Keywords : Application Scanner , Attack , Enumeration , Fuzzers , HTTP4e )

Eclipse HTTP Client (HTTP4e) is an Eclipse plugin for making HTTP and RESTful calls. Built with user experience in mind, it simplifies the developer/QA job of testing Web Services, REST, JSON and HTTP. It is a useful tool for your daily job of HTTP header tampering and hacking.


Web Security Dojo v0.2 released
Sunday 8 November 2009 - 1346 read - ( Keywords : Application Scanner , Attack , LiveCD , Local auditing , Web Security Dojo )

An open source, self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. For learning and practicing web app security testing techniques. It does not need a network connection since it contains tools, targets, and documentation, which makes it ideal for training classes and conferences.

