Scapy
Xdebug - Debugger and Profiler Tool for PHP
penetration test - Affordable web application attack tools
Information Security Stack Exchange is a question and answer site for Information security professionals.
SQID - SQL Injection digger

about
SQL injection digger is a command line program that looks for SQL injections and common errors in web sites. Current version can perform the following operations:
- Look for SQL injections and common errors in web site URLs found by performing a google search.
sqid is extensible by adding more signatures to its database (sqid.db).

Usage
    Usage: sqid.rb [options]
    options:
        -m, --mode MODE    Operate in mode MODE.

download
sqid is licensed under GPL v2.
svn checkout

next
Next release will be additionally able to look for SQL injections in a web page by submitting forms.
Please send suggestions, bugs, patches and flames at contact@metaeye.org.
Copyright © Metaeye Security
Notification: policy - URL filtering

[0x00] News and Changelog
Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )
Development just moved to a public github repository:
There is a new section below for online tutorials.
Read below for Linux compilation notes.

CHANGELOG for 8.3
===================
! Development moved to a public github repository:
* Support for upcoming OpenSSL 1.1 added. needs testing.
* Fixed hydra redo bug (issue #113)
* Updated xhydra for new hydra features and options
* Some more command line error checking
* Ensured unneeded sockets are closed

You can also take a look at the full CHANGES file

[0x01] Introduction
Welcome to the mini website of the THC Hydra project.
(1) Target selection
troelskn/php-tracer-weaver - GitHub

Nikto Web Scanner
Nikto Web Scanner is a Web server scanner that tests Web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received. The Nikto code itself is Open Source (GPL), however the data files it uses to drive the program are not. [1] Chris Sullo, the CFO of Open Security Foundation, has written this scanner for vulnerability assessment. [2]

Functions
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

Variations
There are some variations of Nikto, one of which is MacNikto.

External links
CIRT Nikto Page
sslstrip
This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

Requirements
- Python >= 2.5 (apt-get install python)
- The python "twisted-web" module (apt-get install python-twisted-web)

Setup
    tar zxvf sslstrip-0.9.tar.gz
    cd sslstrip-0.9
    (optional) sudo python .

Running sslstrip
That should do it.

How does this work?
First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. At this point, sslstrip receives the traffic and does its magic.

Development
The current development branch can be found on github.