Most Popular
SQLNinja v0.2.5 released!
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
WhatWeb just updated to v0.4.2
WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver
WhatWeb v0.4.1 - released
Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.
NSIA (Network System Integrity Analysis) v0.8.99 released
The ThreatFactor NSIA is a website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any latency and will not interrupt business operations.
Acunetix WVS v6.5 build 20100419 released
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
Skipfish v1.33b released
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Sandcat v4.0 released
Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.
Burp Suite Pro v1.3.02 released
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
Acunetix WVS v6.5 build 20100407 released
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
Netsparker® Free Community Edition released
Netsparker Community Edition is False Positive Free and can detect both SQL Injection and Cross-site Scripting issues better than many other scanners.
Netsparker Community Edition also detects many other vulnerabilities such as finding and reporting backup files, source code disclosures, Crossdomain.xml issues, SVN/CVS disclosures, internal path disclosures, error messages and many more.
(update) Skipfish Active web application scanner v1.29b released
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
CMS Explorer v1.0 released - Discover the CMS components behind the site -
CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
W3AF v1.0-rc3 released
w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much
Seccubus v1.4.1 released
Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting.
ZeroDayScanner SaaS Free Security Scan Service
ZeroDayScan is a free security web scanning service brought to you by experienced security experts. The service is provided free of charge.
Burp Suite v1.3.01 released
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
Focus on scRUBYt! v0.4.11 the powerful web scraping tool
scRUBYt! is a simple but powerful web scraping toolkit written in Ruby. It’s purpose is to free you from the drudgery of web page crawling, looking up HTML tags, attributes, XPaths, form names and other typical low-level web scraping stuff by figuring these out from your examples copy’n’pasted from the Web page or straight from Firebug.
SQLFury SQL Injection for Adobe Air runtime v1.1.6 availabe
SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. It targets Air Abobe AIR Runtime
Burp Intruder Botox announces many improvements
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.