some security_tool
1、Mitmproxy: 自己用过,支持ssl代理,可以调试http通信,中间人拦截等。还提供了一些接口可以自己编写自己的程序用于动态拦截和编辑http数据包。 地址:http://mitmproxy.org/(需要翻墙)
2、Hardanger:基于Fiddler2的web应用程序渗透测试工具,具备多项基于Http协议的Fuzz功能。 地址:http://hardanger.codeplex.com/releases/view/81426
3、Extreme GPU Bruteforcer:一款利用GPU的hash破解工具,支持多种类型的hash,可以自定义,通过ini文件配置,支持爆破、字典以及混合破解等模式。 地址:http://www.insidepro.com/
4、Taint-0.3.0(A XSS codes sniffer)released:这是一款能检测php应用程序中xss漏洞的php扩展。 地址:http://www.laruence.com/2012/02/18/2560.html 最新版本地址:http://pecl.php.net/package/taint
5、Intersect:Intersect 2.0是一个用于Post-Exploitation过程中自动收集和报告相关信息的python脚本。当你获取一个目标的权限以后,Intersect可以自动完成多种任务,包括收集密码文件,拷贝SSH key,列举进程等。 地址:暂无()
6、DPScan:目前Ali Elouafiq发布了针对Drupal的安全扫描工具DPScan,程序的主要功能是扫描Drupal系统使用了那些模块,帮助安全审计或渗透测试人员尽可能快的收集信息。 地址:暂无
7、SQLol 0.3.1:SQLol是一个可配置的SQL注入测试平台,用于演示SQL注入漏洞以及进行相关学习。 地址:https://github.com/SpiderLabs/SQLol
8、Naxsi 0.43:Naxsi是一个开放源代码、高效、低维护规则的Nginx web应用防火墙(waf)模块。Naxsi的主要目标是帮助人们加固他们的web应用程序,以抵御SQL注入、跨站脚本、跨域伪造请求、本地和远程文件包含漏洞。 地址:https://code.google.com/p/naxsi/
9、 joomScan:joomScan是一个使用python脚本编写的joomla漏洞扫描工具。它使用了已知joomla系统及插件漏洞对目标网站进行探测扫描,如果目标网站返回一定的特征,则认为漏洞存在。目前joomScan的漏洞数量已经有550个,包含系统及其插件的漏洞。 地址:http://m.weibo.cn/h2w/redirect?u=http%3A%2F%2Fweb-center.si%2Fjoomscan%2Fjoomscan.tar.gz
10、Cppcheck:Cppcheck是一款静态c/c++源代码分析工具。与其C/C++编译器和许多其它分析工具不同的是它并不检测代码的语法错误,Cppcheck的主要目标是检测常规编译器无法检测的bug。比如数组越界,比如内存泄露,比如没有初始化的变量等等。 地址:http://cppcheck.sourceforge.net/
11、McAfee Stinger 10.2.0.500:McAfee公司出品的一款免费病毒清理工具:McAfee AVERT Stinger,是一款单独用来检测和杀除特定病毒的软件,它并不同于那种实时防病毒软件,而更像是一种能帮助管理员对付已经受感染的系统,它使用的是下一代扫描引擎。 地址:http://home.mcafee.com/virusinfo/default.aspx?id=stinger&culture=en-US
12、Apache Shiro:Apache Shiro是一款强大和易于使用的java安全框架,它提供了认证、加密和会话管理功能并提供了一套易于理解的API。使用Apache Shiro可以快速容易的加固java应用程序。 地址:http://www.apache.org/dyn/closer.cgi/shiro/1.2.0/
13、MySQLPasswordAuditor:MySQLPasswordAuditor是一款MySQL密码工具,当你忘记Mysql数据密码时,MysqlPasswordAuditor能够帮助你容易的恢复它。MySQLPasswordAuditor是可以帮助你审计MySQL数据库的配置,看是否存在弱密码。 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fsecurityxploded.net%2Fgetfile.php%3Ffile%3DMysqlPasswordAuditor.zip&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=4bb9bdeed7&shortUrl=http%3A%2F%2Ft.cn%2FzO7r6zU
14、SSL scanner - SSLyze:SSLyze是一款使用python实现的ssl扫描工具,它可以扫描出SSL中一些经典的配置错误。SSLyze还为高级用户提供了一个简单的插件接口,使得用户可以自由定制SSLyze。 地址:https://code.google.com/p/sslyze/downloads/list
15、dumpdecrypted:Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption. SE出品。这个工具就是破解appstore下载程序的DRM,比gdb脚本好用。 地址:https://github.com/stefanesser/dumpdecrypted
16、SWF文件分析工具 - xxxswf.py:xxxswf是一款python写的小工具,它可以用于Flash SWF文件的分析、扫描,压缩和解压缩。xxxswf可以扫描单个swf文件、文档中嵌入的多个swf文件和目录下的所有文件。话说yara这个模块很强大啊 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fcodepad.org%2Fhosku69i%2Fraw.py&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=a0a03d5f4d&shortUrl=http%3A%2F%2Ft.cn%2FStJDil
17、IOS设备取证分析工具 - Lantern Lite:Lantern Lite是第一款MAC上基于GUI的IOS Imager,主要用于IOS设备上的物理数据取证分析。请IOS达人测试分析。 地址:http://lanternlite.org/lantern-lite/leo-requests
18、SQL注入工具 - NTO SQL Invader 地址:http://go.ntobjectives.com/l/8672/2011-12-01/DRMN
19、CSRFScanner : 找出潜在的CSRF/ XSRF的漏洞。 地址:http://ssv.sebug.net/CSRFScanner
20、XssScanner :旨在帮助渗透测试人员发现跨站点脚本漏洞。 地址:http://ssv.sebug.net/XssScanner
21、php-vulnerability-hunter: 一款白盒fuzz工具,测试常见的php应用漏洞。感兴趣的同学可以尝试下,也不用抱太大希望~ 地址:https://code.google.com/p/php-vulnerability-hunter/
22、RTSP协议fuzz工具 - rtspFUZZ: rtspFUZZ提供了一个可以扩展的fuzz框架,支持按需控制音频和视频实时数据的传输。rtspFUZZ可用于RTSP协议的漏洞挖掘。 地址:http://packetstormsecurity.com/files/author/9123/
23、CapTipper:是一款Python工具,可对HTTP恶意流量进行分析、检测及还原。可为安全研究人员提供便捷的文件、网络流量访问权限,对研究漏洞来说也是有用的。 地址:http://bobao.360.cn/learning/detail/213.html 最新下载地址:
24、在线数据包分析实现 – Online Pcap Analyzer:厌倦了Wireshark看数据包?想寻求更酷更直观的在线数据包分析实现姿势? 也许Pcap-Analyzer是你的不错选择。 地址: https://github.com/le4f/pcap-analyzer
25、程序动态分析工具——PinTools:国外安全研究人员将一些基于Pin动态分析框架编写出来的工具开源到GitHub,并在其博客上讲解各工具的技术原理。其中包括格式化字符串检测、溢出检测、UAF检测、内存Fuzzing及污点追踪等多项自动化程序分析功能。 地址:https://github.com/JonathanSalwan/PinTools
26、OSSAMS:OSSAMS是一款风险评估辅助工具。OSSAMS能够把安全风险评估和渗透测试过程中的安全扫描数据文件和其他一些数据集中管理。OSSAMS已经支持的工具:acunetix, burp, nikto, nmap, ratproxy, skipfish, w3af, wapiti等。 地址:http://www.ossams.com/?page_id=46
27、SSH 蜜罐 - Kippo:Kippo是一个中等交互的SSH蜜罐,主要设计用来记录暴力破解攻击。另外,最重要的是Kippo提供了一个可供攻击者操作的shell。 地址:https://code.google.com/p/kippo/
28、PHPXref:PHPXref是一个PHP开发辅助工具,通过对PHP项目源代码进行扫描,能够将源代码中的函数变量等调用过程生成一份交叉引用的HTML文件,在这个HTML文件中可以看到函数是在哪里定义的,在哪里被调用。这套程序能在安全上做出什么贡献就不说咯~读代码的都会懂 地址:http://phpxref.sourceforge.net/
29、开源监控系统 - Shinken: Shinken是一款类似于Nagios的开源监控工具。 地址:http://www.shinken-monitoring.org/download/
30、The Skip Tracing Framework : The Skip Tracing Framework是一个在线工具集,主要提供一些在线的信息搜集工具或者脚本。在网络渗透过程中,信息收集是很关键的第一步。 地址:https://makensi.es/stf/
31、快速内存检测工具 - AddressSanitizer:在exp编写过程中,内存地址空间的监视是十分重要的,这个工具可以让我们知道非法内存访问的地址,在哪个位置可以执行任意代码等。这个工具是用来进行内存泄漏检测的,目前Chrome项目在用它,速度比Valgrind要快很多。 地址:https://code.google.com/p/address-sanitizer/source/checkout
32、SSL扫描工具 - TLSSLed:TLSSLed是一个Linux shell脚本,它的功能是测试目标SSL/TLS(HTTPS)WEB 服务器的安全性。 地址:http://www.taddong.com/tools/TLSSLed_v1.2.sh
33、RIPS:很有名的PHP源代码审计工具。 地址:http://sourceforge.net/projects/rips-scanner/
34、Brup suite:不用说了,用的太多了。
35、Zexplo: Zexplo是一款基于python的渗透测试工具包,它还包含了一些常用工具,如进程注入和shellcode编码工具。 地址:http://securityxploded.com/download.php#zexplo
36、逆向工程资源包: 地址:http://portal.b-at-s.net/download.php
37、exploitpack: 一套开源的exploit框架,类似于MSF,javaGUI界面,python引擎。官方提供演示视频。 界面不错,功能比较齐全,shellcode较少。这种集成框架其实真的不错,开源可扩展。黑客们用的着,感兴趣程序员也能学习下源代码,乙方厂商也可拿来测试设备的误报漏报。03年写了一个,比msf先进的地方有对0day等有保护措施,对整个渗透测试有规划。 地址:暂无
38、在线渗透测试网站:这个网站提供了很多在线的渗透测试工具页面,比如在线扫描后台地址,端口,VNC,LFI,SQL注入等等 地址:http://www.subhashdasyam.com/
39、Social Engineer Toolkit介绍:SET的主要目的是对多个社会工程攻击工具实现自动化和改良。自动生成exp文件,批量发送钓鱼邮件等 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fwww.exploit-db.com%2Fdownload_pdf%2F17701&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=393668d6e1&shortUrl=http%3A%2F%2Ft.cn%2FansKGL
40、owasp-goatdroid:网页链接 oatdroid是一个为了向WebGoat致敬的项目。提供了一整套存在安全问题的模拟Android平台,帮助安全爱好者学习和体验基于Android系统的应用安全。在目前发布的第一版本将不提供安全漏洞解决方案,鼓励研究人员自行发掘并解决漏洞。 地址:暂无
41、fuzzdb:fuzzdb是一个应用程序模糊测试(fuzzing)数据库,该数据库收集了大量已知的攻击模式,如XSS,Xpath注入,SQL注入,XML攻击,本地文件包含,路径遍历,远程文件包含,ldap攻击,格式化字符串,http协议攻击等。 地址:https://code.google.com/p/fuzzdb/downloads/detail?name=fuzzdb-1.09.tgz&can=2&q=
42、Apache Tomcat远程Exploit&默认帐户扫描工具: tomcatremote是一款针对Tomcat PUT请求的远程利用工具,利用成功后在目标上安装一个shell。 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fwww.derkeiler.com%2FMailing-Lists%2FFull-Disclosure%2F2012-03%2FzipqSXJmY2qrv.zip&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=d808143963&shortUrl=http%3A%2F%2Ft.cn%2FzOJkjHC
43、web渗透测试工具 - Vanguard: Vanguard是一款使用Perl编写的全面的渗透测试工具,它可以检测web应用程序中的漏洞。 地址:
44、协议fuzzing tookit - backfuzz: backfuzz是一款可以用于fuzz多种不同协议(如FTP、HTTP、IMAP)的安全工具等等,但它不仅仅支持协议fuzz,还可以通过插件的方式扩展其功能,使它支持协议之外的fuzz,如文件fuzz。 地址:https://github.com/localh0t/backfuzz
45、python docx文档解析模块 - pywordform: pywordform是一款python模块,用于解析微软docx文档,它可以提取所有的标记和值,并将他们存储在python的字典变量中,方便调用处理。做文件分析的可以看看PY是如何分析docx文件格式的。 地址:https://bitbucket.org/decalage/pywordform/downloads
46、PE API提取 - HAPI:HAPI是一款PE文件辅助分析工具,它可以从PE文件中提取API信息,一些经常使用的工具如PEDump, LordPE, PETools, Stud_PE, Dependency Walke等都可帮助我们从导入、导出表中提取API信息,从而帮助我们大致猜测程序的一些功能。 地址:http://www.hexacorn.com/blog/2012/03/03/hapi-api-extractor/
47、sleuthkit : The Sleuth Kit是一套强大的数字调查、取证工具集合,它可以运行在windows,Linux, OS X, FreeBSD, OpenBSD和Solaris上,能够分析 FAT, NTFS, UFS, EXT2FS和EXT3FS文件系统。The Sleuth Kit能为用户提供文件系统的详细信息,包括已删除数据。 地址:http://sourceforge.net/projects/sleuthkit/files/
48、开源DDOS/DOS(模拟攻击)测试工具 - LOIC: LOIC是一款专著于web应用程序的Dos/DDOS攻击工具,它可以用TCP数据包、UDP数据包、HTTP请求于对目标网站进行DDOS/DOS测试。 地址:http://sourceforge.net/projects/loic/files/loic/
49、主机漏洞检测工具 - cvechecker 3.1: cvechecker是一款linux下的主机安全检测工具,它通过扫描系统上已经安装的软件和匹配CVE数据库中的结果给出关于系统上可能存在的安全漏洞的报告。目前,cvechecker更新至3.1版 地址:http://sourceforge.net/projects/cvechecker/files/
50、PacketFence: PacketFence的是一个开放源码的网络接入控制(NAC)系统,提供以下功能:登记,发现异常的网络活动,主动漏洞扫描等 地址:http://www.packetfence.org/download/releases.html
51、Lilith: Lilith的基本功能是包含蜘蛛以及页面分析模块,对目标进行web安全检测 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fmichaelhendrickx.com%2Fwp-content%2Fuploads%2F2008%2F11%2Flilith-06atar.gz&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=d9fb1cb577&shortUrl=http%3A%2F%2Ft.cn%2FagcXFr
52、SAMHAIN2.8.6:SAMHAIN 2.8.6: SAMHAIN是一个开放源代码的基于主机的入侵检测系统,它提供文件完整性检查,日志监视和分析功能,以及ROOTKIT检测,端口监视,检测可执行程序的SUID和隐藏进程等。 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fla-samhna.de%2Fsamhain%2Fsamhain-current.tar.gz&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=0e7f64dff8&shortUrl=http%3A%2F%2Ft.cn%2FagPnly
53、CudaDBCracker: CudaDBCracker 是一款数据库密码暴力破解工具,支持NVIDIA 的CUDA框架。CudaDBCracker 支持的数据库hash包括Oracle 11g和Microsoft SQL Server。 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fmarcellmajor.com%2Fcudadbcracker_binaries.zip&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=adaefc1d71&shortUrl=http%3A%2F%2Ft.cn%2FadE7Lb
54、wavsep: wavsep 是一个包含漏洞的web应用程序,目的是帮助测试web应用漏洞扫描器的功能、质量和准确性。一个测web漏扫的漏洞应用环境。 地址:https://code.google.com/p/wavsep/
55、高级内存取证工具平台 - volatility : Volatility Framework是一个全面的内存取证工具集,它使用Python实现,在GNU许可下发行,可以提取RAM中的数字证据。 地址:https://code.google.com/p/volatility/downloads/detail?name=volatility-2.0.zip&can=2&q=label%3AFeatured
56、swf文件逆向工程工具 - SWFRETools: SWFRETools中收集的工具可以用于Adobe Flash player漏洞分析和恶意SWF文件的恶意软件分析工作 关于反编译SWF的原理可以参考这篇文章:《How To Decompile Actionscript Code In Swf》 地址:https://github.com/sporst/SWFREtools
57、xpath-blind-explorer: 今年blackhat大会放出的工具,标题是:WORKSHOP - The Art of Exploiting Lesser Known Injection Flaws,议题可以参见这里 地址:https://code.google.com/p/xpath-blind-explorer/downloads/list 议题地址:https://www.blackhat.com/html/bh-us-11/bh-us-11-briefings.html#Siddharth
58、Razorback 0.2.5: Razorback是一个开放源代码的安全框架、分布式的检测系统,拥有健全的API函数集合和一个完全可扩展得数据库及数据管理系统。它可以工作分布式模式下并能够执行先进的事件关联。Razorback可以做为开源入侵检测系统snort的前端来使用。 地址:http://sourceforge.net/projects/razorbacktm/files/
59、Python XSS payload encoder :PY写的XSS代码加密脚本,用来bypass一些检测规则或者条件限制。XSS加密还是很常见很常见的。 地址:http://www.lo0.ro/2011/08/13/python-xss-payload-encoder/
60、modgrep: modgrep是一个perl脚本,它可以解析 audit_log 记录并提取信息。modgrep具备搜索功能,可直接搜索指定的字符串。 地址:http://www.modsecurity.org/
61、OpenDNSSEC: OpenDNSSEC是一个DNS安全扩展(DNSSEC)的开源解决方案。DNS安全扩展 (DNSSEC),是由IETF提供的一系列DNS安全认证的机制(可参考RFC2535)。它提供了一种来源鉴定和数据完整性的扩展,但不去保障可用性、加密性和证实域名不存在。 地址:http://m.weibo.cn/h2w/go?u=http%3A%2F%2Fwww.opendnssec.org%2Ffiles%2Fsource%2Fopendnssec-1.3.0.tar.gz&to=&from=client&urlId=7da9fe81decf0186&fs=12&signUrl=e81b5a7011&shortUrl=http%3A%2F%2Ft.cn%2FaEnfXD
62、Razorback 0.2.5: Razorback是一个开放源代码的安全框架、分布式的检测系统,拥有健全的API函数集合和一个完全可扩展得数据库及数据管理系统。它可以工作分布式模式下并能够执行先进的事件关联。Razorback可以做为开源入侵检测系统snort的前端来使用。 地址:http://sourceforge.net/projects/razorbacktm/files/
63、web安全工具大汇聚: 地址: http://sebug.net/paper/other/Web%E5%AE%89%E5%85%A8%E5%B7%A5%E5%85%B7%E5%A4%A7%E6%B1%87%E8%81%9A.txt http://www.owasp.org/index.php/Phoenix/Tools
========================= LiveCDs
Monday, January 29, 2007 4:02 PM 828569600 AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/ DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/
Test sites / testing grounds
SPI Dynamics (live) - http://zero.webappsecurity.com/ Cenzic (live) - http://crackme.cenzic.com/ Watchfire (live) - http://demo.testfire.net/ Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com WebMaven / Buggy Bank - http://www.mavensecurity.com/webmaven Foundstone SASS tools - http://www.foundstone.com/us/resources-free-tools.asp Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/ SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/
HTTP proxying / editing
WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project Burp - http://www.portswigger.net/ Paros - http://www.parosproxy.org/ Fiddler - http://www.fiddlertool.com/ Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/ Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project Suru - http://www.sensepost.com/research/suru/ httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/ Charles - http://www.xk72.com/charles/ Odysseus - http://www.bindshell.net/tools/odysseus Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/ Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/ JS Commander - http://jscmd.rubyforge.org/ Ratproxy - http://code.google.com/p/ratproxy/
RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools
Wfuzz - http://www.edge-security.com/wfuzz.php ProxMon - http://www.isecpartners.com/proxmon.html Wapiti - http://wapiti.sourceforge.net/ Grabber - http://rgaucher.info/beta/grabber/ XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm JBroFuzz - http://sourceforge.net/projects/jbrofuzz XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/ WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/ Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/ [TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml RFuzz - http://rfuzz.rubyforge.org/ WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999 TestMaker - http://www.pushtotest.com/Docs/downloads/features.html ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/ WSTool - http://wstool.sourceforge.net/ Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/ Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/ HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/ Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/ PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743
HTTP general testing / fingerprinting
Wbox: HTTP testing tool - http://hping.org/wbox/ ht://Check - http://htcheck.sourceforge.net/ Mumsie - http://www.lurhq.com/tools/mumsie.html WebInject - http://www.webinject.org/ Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/ JoeDog's Seige - http://www.joedog.org/JoeDog/Siege/ OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/ Load-balancing detector - http://ge.mine.nu/lbd.html HMAP - http://ujeni.murkyroc.com/hmap/ Net-Square: httprint - http://net-square.com/httprint/ Wpoison: http stress testing - http://wpoison.sourceforge.net/ Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/ rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp Nikto - http://www.cirt.net/code/nikto.shtml twill - http://twill.idyll.org/ DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project [ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip [ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled - http://sf.net/projects/hackfox
Browser-based HTTP tampering / editing / replaying
TamperIE - http://www.bayden.com/Other/ isr-form - http://www.infobyte.com.ar/developments.html Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/ Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/ UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/ TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/ DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/ LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/
Cookie editing / poisoning
[TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/ CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/ CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/ CookieSpy - http://www.codeproject.com/shell/cookiespy.asp Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx
Ajax and XHR scanning
Sahi - http://sahi.co.in/ scRUBYt - http://scrubyt.org/ jQuery - http://jquery.com/ jquery-include - http://www.gnucitizen.org/projects/jquery-include Sprajax - http://www.denimgroup.com/sprajax.html Watir - http://wtr.rubyforge.org/ Watij - http://watij.com/ Watin - http://watin.sourceforge.net/ RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/ SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/ Firebug Lite - http://www.getfirebug.com/lite.html firewaitr - http://code.google.com/p/firewatir/
RSS extensions and caching
LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/ rss-cache - http://www.dubfire.net/chris/projects/rss-cache/
SQL injection scanning
0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project sqlninja: a SQL Server injection and takover tool - http://sqlninja.sourceforge.net/ JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html sqlmap - http://sqlmap.sourceforge.net/ Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/ FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas PRIAMOS - http://www.priamos-project.com/
Web application security malware, backdoors, and evil code
W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/ Jikto - http://busin3ss.name/jikto-in-the-wild/ XSS Shell - http://ferruh.mavituna.com/article/?1338 XSS-Proxy - http://xss-proxy.sourceforge.net AttackAPI - http://www.gnucitizen.org/projects/attackapi/ FFsniFF - http://azurit.elbiahosting.sk/ffsniff/ HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/ BeEF - http://www.bindshell.net/tools/beef/ Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/ What is my IP address? - http://reglos.de/myaddress/ xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/ Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval Technika - http://www.gnucitizen.org/projects/technika/ Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/
Web application services that aid in web application security assessment
Netcraft - http://www.netcraft.net AboutURL - http://www.abouturl.com/ The Scrutinizer - http://www.scrutinizethis.com/ net.toolkit - http://clez.net/ ServerSniff - http://www.serversniff.net/ Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/ Webmaster-Toolkit - http://www.webmaster-toolkit.com/ myIPNeighbbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address PHP charset encoding - http://h4k.in/encoding data: URL testcases - http://h4k.in/dataurl
Browser-based security fuzzing / checking
Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/ Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/ TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html COMRaider - http://labs.idefense.com bcheck - http://bcheck.scanit.be/bcheck/ Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/ Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7 Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/ Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/ Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324 About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/ Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1 WebPageFingerprint - Light-weight Greasemonkey Fuzzer - http://userscripts.org/scripts/show/30285
PHP static analysis and file inclusion scanning
PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/ Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25 PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit
PHP Defensive Tools
PHPInfoSec - Check phpinfo configuration for security - http://phpsec.org/projects/phpsecinfo/
A Greasemonkey Replacement can be found at http://yehg.net/lab/#tools.greasemonkey Php-Brute-Force-Attack Detector - Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip PHP-Login-Info-Checker - Strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It has also built-in smoke test page via url loginfo_checker.php?testlic
http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip
http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip php-DDOS-Shield - A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/ PHPMySpamFIGHTER - http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar
Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources
APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/ dotnetids - http://code.google.com/p/dotnetids/ Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html Remo: whitelist rule editor for mod_security - http://remo.netnea.com/ GotRoot: ModSecuirty rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/ mod_security rules generator - http://noeljackson.com/tools/modsecurity/ Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3 [TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99 Akismet: blog spam defense - http://akismet.com/ Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/
Web services enumeration / scanning / fuzzing
WebServiceStudio2.0 - http://www.codeplex.com/WebserviceStudio Net-square: wsChess - http://net-square.com/wschess/index.shtml WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html
Web application non-specific static source-code analysis
Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/ Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1 Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/ A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html A smaller, but also good list - http://spinroot.com/static/ Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/
Static analysis for C/C++ (CGI, ISAPI, etc) in web applications
RATS - http://www.securesoftware.com/resources/download_rats.html ITS4 - http://www.cigital.com/its4/ FlawFinder - http://www.dwheeler.com/flawfinder/ Splint - http://www.splint.org/ Uno - http://spinroot.com/uno/ BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net Valgrind - http://www.valgrind.org/
Java static analysis, security frameworks, and web application security tools
LAPSE - http://suif.stanford.edu/~livshits/work/lapse/ HDIV Struts - http://hdiv.org/ Orizon - http://sourceforge.net/projects/orizon/ FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/ PMD - http://pmd.sourceforge.net/ CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/ EMMA - http://emma.sourceforge.net/ JLint - http://jlint.sourceforge.net/ Java PathFinder - http://javapathfinder.sourceforge.net/ Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/ Checkstyle - http://checkstyle.sourceforge.net/ Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver tinapoc - http://sourceforge.net/projects/tinapoc jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html Solex - http://solex.sourceforge.net/ Java Explorer - http://metal.hurlant.com/jexplore/ HTTPClient - http://www.innovation.ch/java/HTTPClient/ another HttpClient - http://jakarta.apache.org/commons/httpclient/ a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html
Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET
* Visual Studio 2008 Code Analysis, available in:
o VSTS 2008 Development Edition (http://msdn.microsoft.com/vsts2008/products/bb933752.aspx) and
o VSTS 2008 Team Suite (http://msdn.microsoft.com/vsts2008/products/bb933735.aspx)
* Visual Studio 2005 Code Analyzer, available in:
o Visual Studio 2005 Team Edition for Software Developers (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
o Visual Studio 2005 Team Suite (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
* Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx
* FxCop:
o (blog) http://blogs.msdn.com/fxcop/
o (download) http://code.msdn.microsoft.com/codeanalysis
* Microsoft internal tools you can't have yet:
o http://www.microsoft.com/windows/cse/pa_projects.mspx
o http://research.microsoft.com/Pex/
o http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf
Threat modeling
Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php Octotrike - http://www.octotrike.org/
Add-ons for Firefox that help with general web application security
Web Developer Toolbar - https://addons.mozilla.org/firefox/60/ Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/ XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/ Public Fox - https://addons.mozilla.org/firefox/3911/ XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms MR Tech Local Install - http://www.mrtech.com/extensions/local_install/ Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html IE Tab - https://addons.mozilla.org/firefox/1419/ User-Agent Switcher - https://addons.mozilla.org/firefox/59/ ServerSwitcher - https://addons.mozilla.org/firefox/2409/ HeaderMonitor - https://addons.mozilla.org/firefox/575/ RefControl - https://addons.mozilla.org/firefox/953/ refspoof - https://addons.mozilla.org/firefox/667/ No-Referrer - https://addons.mozilla.org/firefox/1999/ LocationBar^2 - https://addons.mozilla.org/firefox/4014/ SpiderZilla - http://spiderzilla.mozdev.org/ Slogger - https://addons.mozilla.org/en-US/firefox/addon/143 Fire Encrypter - https://addons.mozilla.org/firefox/3208/
Add-ons for Firefox that help with Javascript and Ajax web application security
Selenium IDE - http://www.openqa.org/selenium-ide/ Firebug - http://www.joehewitt.com/software/firebug/ Venkman - http://www.mozilla.org/projects/venkman/ Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/ Greasemonkey - http://www.greasespot.net/ Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/ User script compiler - http://arantius.com/misc/greasemonkey/script-compiler Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/ Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/
Bookmarklets that aid in web application security
RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html BMlets - http://optools.awardspace.com/bmlet.html Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/ Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - http://www.blummy.com/ Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/ OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/
SSL certificate checking / scanning
[ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip [ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/
Honeyclients, Web Application, and Web Proxy honeypots
Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/ HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/ Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/ Google Hack Honeypot - http://ghh.sourceforge.net/ PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/ SpyBye - http://www.monkey.org/~provos/spybye/ Honeytokens - http://www.securityfocus.com/infocus/1713
Blackhat SEO and maybe some whitehat SEO
SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/ SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html SEOQuake (Firefox Add-on) - http://www.seoquake.com/
Footprinting for web application security
Evolution - http://www.paterva.com/evolution-e.html GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/ Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/ Edge-Security tools - http://www.edge-security.com/soft.php Fierce Domain Scanner - http://ha.ckers.org/fierce/ Googlegath - http://www.nothink.org/perl/googlegath/ Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/ Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/ CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/ BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/ TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/ DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/ Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/
Database security assessment
Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/
Browser Defenses
DieHard - http://www.diehard-software.org/ LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/ NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/ Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/ CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497 NoScript (Firefox Add-on) - http://www.noscript.net/ FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/ Adblock (Firefox Add-on) - http://adblock.mozdev.org/ httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html SafeCache (Firefox Add-on) - http://www.safecache.com/ SafeHistory (Firefox Add-on) - http://www.safehistory.com/ PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/ All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/ QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/ Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/ FireKeeper - http://firekeeper.mozdev.org/ Greasemonkey: XSS Malware Script Detector - http://yehg.net/lab/#tools.greasemonkey
Browser Privacy
TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/ Privacy Bird - http://www.privacybird.com/
Application and protocol fuzzing (random instead of targeted)
Sulley - http://fuzzing.org/ taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/ zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/ autodafé: an act of software torture - http://autodafe.sourceforge.net/ EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html