Most Popular
DAVTest v1.0 - WebDAV Application
DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.
Fuzzdb v1.07 released
A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
Bruter v1.0 - parallel network login brute-forcer
Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Fuzzdb updated to v1.06
A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
fuzzdb v1.05 - Attack and Discovery Pattern Database
A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
Windows Autopwn (winAUTOPWN) v2.2 released
winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.
PyLoris Denial of Service Web Testing v3.0 in the wild
PyLoris is a tool for testing a web server’s vulnerability to a particular class of Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections, web servers cannot complete valid requests.
Vicnum v1.4 released
A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues.
Social-Engineering Ninja v0.1 Beta - PHP scripts
S-E Ninja is a Social Engineering tool, with 20-25 popular sites fake pages and anonymous mailer via mail() function in PHP.
SpiderLabs Toolset for Pentesting
SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation.
WebRaider v0.2.3.8 - One Click Ownage
WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point.
Windows Autopwn (winAUTOPWN) v2.1 released
winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.
No More and 1=1 v0.3 - repository of SQLi/XSS
In order to minimize the time required to type malicious syntax and have a handy repository of it M, this small tool that we hence call No more and 1=1.
Damn Vulnerable Web App (Live CD) v1.0.6 - released
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Nsploit - Popping boxes with Nmap
Nsploit it allows to pass through nmap to Metasploit and then execute some exploit.
NetReconn v1.76 released
A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder.
NetReconn v1.75 released
A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder.
Eclipse HTTP Client (HTTP4e) v2.0 available
Eclipse HTTP Client (HTTP4e) is an Eclipse plugin formaking HTTP and RESTful calls. Build with user experience in mind, it simplifies the developer/QA job of testing Web Services, REST, JSON and HTTP. It is a useful tool for your daily job of HTTP header tampering and hacking.
Web Security Dojo v0.2 released
An open source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. For learning and practicing web app security testing techniques. It does
not need a network connection since it contains tools, targets, and
documentation. Thus making it ideal for training classes and conferences.