Category Application Scanner

Netsparker 1.3.0.0 in the wild

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.

Read More

(Update) Skipfish Active web application scanner v1.08 beta just released

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.

Read More

Focus on MacNikto v1.1.1

MacNikto is an AppleScript GUI shell script wrapper built in Apple’s Xcode and Interface Builder, released under the terms of the GPL. It provides easy access to a subset of the features available in the Open Source, command-line driven Nikto web security scanner, installed along with the MacNikto application.

Read More

W3AF ported to FreeBSD

w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much

Read More

FireCAT v1.6.2 updated with Framework Detector

Read More

XSSploit XSS scanner multiplatfom v0.5 available

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.

Read More

WhatWeb v0.4 - released

Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.

Read More

fimap v0.8a released

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s is currently under heavy development but it’s usable.

Read More

Vordel SOAPbox for analyzing Webservices Security

SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes. It shares some of its architecture with the Vordel XML Gateway, especially for security features or policy creation.

Read More

FireCAT v1.6 updated with 4 Firebug add-ons

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment. FireCAT is not a remplacement of other security utilities and softwares as well as fuzzers, proxies and application vulnerabilities scanners.

Read More

Eclipse HTTP Client (HTTP4e) v3.0 available

Eclipse HTTP Client (HTTP4e) is an Eclipse plugin formaking HTTP and RESTful calls. Build with user experience in mind, it simplifies the developer/QA job of testing Web Services, REST, JSON and HTTP. It is a useful tool for your daily job of HTTP header tampering and hacking.

Read More

DirBuster v1.0 RC 1 - released

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Read More

Samurai Web Testing Framework 0.8 available

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Read More

Websecurify v0.5 Final

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

Read More

Acunetix WVS v6.5 build 20100303 released

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

Read More

Websecurify v0.5 RC 1 released

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

Read More

Web Security Dojo v1.0 released

Web Security Dojo is a turnkey web application security lab with tools,
targets, and training materials built into a Virtual Machine(VM).
It is ideal for both self-instruction and training classes since
everything is pre-configured and no external network connection is
needed. All tools and targets are configured to use non-conflicting
ports and a Firefox proxy switcher is set up to match.

Read More

Watcher Web Security Scanning tool v1.3.0 available

Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.

Read More

Websecurify v0.5 Beta 1 released

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

Read More

SSL/TLS Audit version Alpha

SSL Audit scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS and can detect all known cipher suites over all SSL and TLS versions.

Read More
1 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10