ToolWar | Information Security (InfoSec) Tools: Web

WebReaver (Advanced Web Security Scanner) :: Framework

<p style="text-align: center;"><img alt="WebReaver (Advanced Web Security Scanner)" border="0" data-original-height="1180" data-original-width="2048" height="230" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3ne2Pm852WocBoS6pz22kpKIauMIwx-ZeFPTcJO-aGtAj8oSokpLjpSwuepPZHfMMuzME0wJa_nx8KJc62uNIUMKOuGHy9Pdf_-zlKrlYFmpW3gVbABfveI7jWvWSWUKFOEyyiUGrtMQ/w400-h230-rw/01.png" title="WebReaver (Advanced Web Security Scanner)" width="400" />  </p><p>WebReaver is an elegant, easy to use and fully-automated, web 
application security security testing tool for Mac, Windows and Linux, 
suitable for novice as well as advanced users.</p>
<p>WebReaver allows you easily test any web application for a large 
variety of web vulnerabilities from the sever kinds such as SQL 
Injection, Local and Remote File Includes, Command Injection, Cross-site
 Scripting and Expression Injection to the less severe ones such as 
variety of session and headers problems, information leakage and many 
more.</p><p><b>Tutorial</b>:</p><p> </p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/4w5QbNTED8I" width="320" youtube-src-id="4w5QbNTED8I"></iframe></div><br /><br /><p></p><p><b>Download :</b></p><p><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver+Setup+0.1.0.exe" rel="nofollow" target="_blank">Windows</a><b> |</b> <a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0.dmg" rel="nofollow" target="_blank">macOS</a><b> | </b><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0-x86_64.AppImage" rel="nofollow" target="_blank">Linux</a><b><br /></b></p><p><a href="https://webreaver.com/" rel="nofollow" target="_blank"><b>Official Website</b> <br /></a></p>

WebReaver (Advanced Web Security Scanner) :: Framework

WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, sui...

SubBrute (Subdomain Bruteforcer) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/s1600/SubBrute.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="subbrute subdomain bruteforce" border="0" data-original-height="900" data-original-width="1600" height="225" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/w400-h225-rw/SubBrute.jpg" title="subbrute subdomain bruteforce" width="400" /> </a></p><p style="text-align: justify;">SubBrute is a community driven project with the goal of creating the 
fastest, and most accurate subdomain enumeration tool.  Some of the 
magic behind SubBrute is that it uses open resolvers as a kind of proxy 
to circumvent DNS rate-limiting.  This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.</p><p><span style="font-size: medium;"><b>I<span>nstallation & Use:</span></b> </span></p><p>No install required for Windows,  just cd into the 'windows' folder:</p>
<ul><li>subbrute.exe google.com</li></ul>
<p>Easy to install:
You just need and python2.7 or python3.  This tool should work under any operating system:  bsd, osx, windows, linux...</p>
<p>(On a side note giving a makefile root always bothers me,  it would be a great way to install a backdoor...)</p>
<p>Under Ubuntu/Debian all you need is:</p>
<ul><li>sudo apt-get install python-dnspython</li></ul>
<p>On other operating systems you may have to install dnspython manually:</p>

<p>Easy to use:</p>
<ul><li>./subbrute.py google.com</li></ul>
<p>Tests multiple domains:</p>
<ul><li>./subbrute.py google.com gmail.com blogger.com</li></ul>
<p>or a newline delimited list of domains:</p>
<ul><li>./subbrute.py -t list.txt</li></ul>
<p>Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):</p>
<ul><li>
<p>./subbrute.py gmail.com > gmail.out</p>
</li><li>
<p>./subbrute.py -t gmail.out</p>
</li></ul><p style="text-align: justify;"><b><span style="font-size: small;">Download: <a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute v1.2.1</a><br /></span></b></p>

SubBrute (Subdomain Bruteforcer) :: Tools

SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of th...

WebSlayer (Brute Forcing Web Applications) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600/webslayer-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP WebSlayer :: ToolWar" border="0" height="318" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600-rw/webslayer-1.png" title="OWASP WebSlayer :: ToolWar" width="400" /></a></div>
<div style="text-align: justify;">
<b>WebSlayer</b> is a tool designed for brute forcing Web  Applications, it can be used for finding  resources not linked  (directories, servlets, scripts,files, etc), brute force GET and POST  parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.  The tools has a payload generator and an easy and powerful results  analyzer. </div>
<div style="text-align: justify;">
You can perform attacks like: </div>
<ul style="text-align: justify;">
<li>Predictable resource locator, recursion supported (Discovery) </li>
</ul>
<ul style="text-align: justify;">
<li>Login forms brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Session brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Parameter brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Parameter fuzzing  and injection (XSS, SQL) </li>
</ul>
<ul style="text-align: justify;">
<li>Basic and Ntml authentication brute forcing </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Ce413RcYuGI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<br />
<b>Download Here ::</b> 
<a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/webslayer/WebSlayer-Beta.msi" target="_blank">WebSlayer Beta</a><b><br /></b><br />
<b>Official Website :: </b>http://www.edge-security.com/webslayer.php </div>

WebSlayer (Brute Forcing Web Applications) :: Tools

WebSlayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servl...

OWASP Amass - Subdomain Enumeration/Scanner : Tool

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s1600/Amass.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP Amass Subdomain Scanner" border="0" data-original-height="327" data-original-width="647" height="202" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s400-rw/Amass.JPG" title="OWASP Amass Subdomain Scanner" width="400" /></a></div>
<br />
<div style="text-align: justify;">
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.</div>
<b><br />
</b> <b>Information Gathering Techniques Used:</b><br />
<br />
<div style="text-align: justify;">
1] DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
2] Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
3] Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
4] APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
5] Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Video Tutorial:</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/mEQnVkSG19M/0.jpg" frameborder="0" height="330" src="https://www.youtube.com/embed/mEQnVkSG19M?feature=player_embedded" width="100%"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Documentation:  </h3>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass/blob/master/doc/install.md" target="_blank">Installation Guide </a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/blob/master/doc/user_guide.md" target="_blank">User's Manual/How to Use</a></div>
<h3 style="text-align: justify;">
Download:</h3>
<div style="text-align: justify;">
Amass is available for various platforms like Linux, Windows, MacOS etc.</div>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass" target="_blank">Download Link</a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/releases" target="_blank">Precompiled Binary</a> (Windows, MacOS, Linux)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Official Page:</b> <a href="https://github.com/OWASP/Amass" target="_blank">OWASP Amass</a></div>

OWASP Amass - Subdomain Enumeration/Scanner : Tool

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and p...

FireEye Commando VM : Distribution

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s1600/CVM+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="commando vm fireeye" border="0" data-original-height="750" data-original-width="974" height="246" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s320-rw/CVM+logo.png" title="commando vm fireeye" width="320" /></a></div>
<div style="text-align: justify;">
CommandoVM - a fully customized, Windows-based security <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">distribution</a> for penetration testing and red teaming. </div>
<div style="text-align: justify;">
Penetration testers commonly use their own variants of Windows 
machines when assessing Active Directory environments. Commando VM was 
designed specifically to be the go-to platform for performing these 
internal penetration tests. The benefits of using a Windows machine 
include native support for Windows and Active Directory, using your VM 
as a staging area for C2 frameworks, browsing shares more easily (and 
interactively), and using tools such as PowerView and BloodHound without having to worry about placing output files on client assets.</div>
<div style="text-align: justify;">
Commando VM uses Boxstarter, Chocolatey, and MyGet packages
 to install all of the software, and delivers many tools and utilities 
to support penetration testing. This list includes more than 140 tools, 
including:</div>
<ul style="list-style-position: inside; text-align: justify;">
<li><a href="http://www.toolwar.com/2014/02/nmap-and-zenmap-network-discovery-and.html" target="_blank">Nmap</a></li>
<li><a href="http://www.toolwar.com/2013/09/wireshark-tools.html" target="_blank">Wireshark</a></li>
<li>Covenant</li>
<li>Python</li>
<li>Go</li>
<li>Remote Server Administration Tools</li>
<li><a href="http://www.toolwar.com/2013/09/sysinternals.html" target="_blank">Sysinternals</a></li>
<li>Mimikatz</li>
<li><a href="http://www.toolwar.com/2013/09/burp-suite-tools.html" target="_blank">Burp-Suite</a></li>
<li>x64dbg</li>
<li>Hashcat</li>
</ul>
<div style="text-align: justify;">
With such versatility, Commando VM aims to be the de facto <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a>machine for every penetration tester and red teamer. For the blue 
teamers reading this, don’t worry, we’ve got full blue team support as 
well! The versatile tool sets included in Commando VM provide blue teams
 with the tools necessary to audit their networks and improve their 
detection capabilities. With a library of offensive tools, it makes it 
easy for blue teams to keep up with offensive tooling and attack trends.</div>
<div style="text-align: justify;">
<br /></div>
<h4>
Requirements</h4>
<ul>
<li>Windows 7 Service Pack 1 or Windows 10</li>
<li>60 GB Hard Drive</li>
<li>2 GB RAM</li>
</ul>
<h3 style="text-align: justify;">
Installation Instruction: </h3>
<ol>
<li>Create and configure a new Windows Virtual Machine</li>
</ol>
<ul>
<li>Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain</li>
<li>Take a snapshot of your machine!</li>
<li>Download and copy <code>install.ps1</code> on your newly configured machine.</li>
<li>Open PowerShell as an Administrator</li>
<li>Enable script execution by running the following command:
<ul>
<li><code>Set-ExecutionPolicy Unrestricted</code></li>
</ul>
</li>
<li>Finally, execute the installer script as follows:
<ul>
<li><code>.\install.ps1</code></li>
<li>You can also pass your password as an argument: <code>.\install.ps1 -password <password></code></li>
</ul>
</li>
</ul>
<div style="text-align: justify;">
<b>Detailed Installation Instruction: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Click Here</a><b> </b></div>
<div style="text-align: justify;">
<b>Download: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Commando VM</a></div>
<div style="text-align: justify;">
<b>Official Website: </b><a href="https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html" rel="nofollow" target="_blank">FireEye</a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>

FireEye Commando VM : Distribution

CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Penetration testers comm...

Sublist3r - Subdomain Enumeration / Scanner : Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s1600/Sublist3r.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Sublist3r - Subdomain Enumeration" border="0" data-original-height="413" data-original-width="867" height="190" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s400-rw/Sublist3r.JPG" title="Sublist3r - Subdomain Scanner" width="400" /></a></div>
<div style="text-align: justify;">
Sublist3r is a python tool designed to enumerate subdomains of websites 
using OSINT. It helps penetration testers and bug hunters collect and 
gather subdomains for the domain they are targeting. Sublist3r 
enumerates subdomains using many search engines such as Google, Yahoo, 
Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using 
Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.</div>
<div style="text-align: justify;">
<br /></div>
<h2 style="text-align: justify;">
<span style="font-size: large;">Installation:</span></h2>
<blockquote class="tr_bq">
<pre><code>git clone https://github.com/aboul3la/Sublist3r.git</code></pre>
</blockquote>
<b><span style="font-size: small;">Dependencies:</span></b><br />
<blockquote class="tr_bq">
<pre><code>sudo pip install -r requirements.txt</code></pre>
</blockquote>
<b><span style="font-size: small;">How To Use:</span></b> <br />
<blockquote class="tr_bq">
<span style="font-size: large;"> </span><code>python sublist3r.py -v -d example.com</code></blockquote>
where -V : Verbose, -d : Domain<br />
<br />
<h3>
<b>Download:: </b> </h3>
Linux & Windows : <a href="https://github.com/aboul3la/Sublist3r" rel="nofollow" target="_blank">Sublis3r (Official Page)</a>

Sublist3r - Subdomain Enumeration / Scanner : Tools

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collec...

Raptor (Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Web Application Firewall Raptor" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600-rw/Raptor.png" title="Raptor Web Application Firewall" /></a></div>
<div style="text-align: justify;">
<b>Raptor</b> is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’t use regex or other common ways to block attacks, use deterministic finite automaton, yes is diferent and fast like a raptor dinosaur, Raptor follow principle KISS (Keep It Simple), you can use Raptor to simulate attacks and learning new ways to bypasses.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS...</div>
<ul>
<li>    You can block XSS, SQL injection attacks and path traversal with Raptor</li>
<li>    You can use blacklist of IPs to block some users at config/blacklist ip.txt</li>
<li>    You can use IPv6 and IPv4 at communications</li>
<li>    At the future DoS protector, request limit, rule interpreter and Malware detector at uploads.</li>
<li>    At the future SSL/TLS...</li>
</ul>
<b>Installation: </b><br />
to run:<br />$ git clone https://github.com/CoolerVoid/raptor_waf<br />$ cd raptor_waf; make; bin/raptor<br />
<br />
<b>Usage: </b><br />
Up some HTTPd server at port 80<br />$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt<br />
<b> </b><br />
<b>Documentation: </b><a href="https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf" rel="nofollow" target="_blank">Click Here</a><b> </b><br />
<h3>
<b>Download: </b></h3>
<b>Linux: </b><a href="http://sourceforge.net/projects/raptorwaf/files/latest/download" rel="nofollow" target="_blank">Raptor</a>  <b><br /></b>

Raptor (Web Application Firewall) :: Tools

Raptor is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’...

SpiderFoot (Open Source Footprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="spiderfoot logo" border="0" height="97" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OsA6C6TqkPGzSteLe5Il6DIbd5vJ2R2ygYKxmMpztIbUkSadC9dsHcwl_7QR802M4qPoJJisrwSlI8DMAEUell4jeIyK4qx3jReRPGdrFQmb11OzHZZF0LqZ5PMxpn_9YKKrUSujN-Vq/s1600-rw/spiderfoot-logo-named.jpg" title="spiderfoot logo" width="320" /></div>
<div style="text-align: justify;">
<b>SpiderFoot</b> is a free, <b>open-source footprinting tool</b>, enabling you to perform various scans against a given domain name in order to <i>obtain information</i> such as <i>sub-domains, e-mail addresses, owned netblocks, <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> server versions</i> and so on. The main objective of <b>SpiderFoot</b> is to automate the <b>footprinting</b> process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> itself. <br />
<br />
<h3>
Features ::</h3>
</div>
<ul style="text-align: justify;">
<li><b>SpiderFoot's</b> simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable. </li>
<li>You will quickly obtain information such as: URLs handling <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.</li>
<li>All <b>SpiderFoot</b> scan results are stored within an internal SQLite database, meaning that during a running scan and after a scan has completed, you can easily browse results, export to CSV and soon also be able to search scan results.</li>
<li><b>SpiderFoot</b> is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to <a href="http://www.toolwar.com/search/label/Bruteforce" target="_blank">brute-force </a>usernames and passwords any time a password-handling webpage is identified by the spidering module.</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/jD2rgooP2T0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
 </h3>
<b>Installing ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Installing" target="_blank">Click Here</a>  
<b> </b><br />
<b>Release Notes ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Release-Notes" target="_blank">Click Here</a>

<br />
<br />
<h3>
Download ::</h3>
<b>Windows ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/SpiderFoot-2.1.0-w32.zip/download" target="_blank">SpiderFoot v2.1.0x86</a> (.zip)<br />
<b>Linux/Solaris/BSD ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.1.0-src.tar.gz/download" target="_blank">SpiderFoot v2.10</a> (.tar.gz)
<b> </b><br />
<b>Official Website :: </b><a href="http://www.spiderfoot.net/">http://www.spiderfoot.net/</a>

SpiderFoot (Open Source Footprinting) :: Tools

SpiderFoot is a free, open-source footprinting tool , enabling you to perform various scans against a given domain name in order to obta...

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="XSSYA" border="0" height="331" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600-rw/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div>
<br />
<h3>
Key Features:</h3>
<ul>
<li>Support HTTPS</li>
<li>After Confirmation (execute payload to get cookies)</li>
<li>Can be run in (Windows - Linux)</li>
<li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li>
<li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li>
<li>Support Saving The Web HTML Code Before Executing</li>
<li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li>
</ul>
<h3>
What's New: </h3>
(XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br />
<br />
<div style="text-align: justify;">
Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div>
<br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br />
<h3>
Tutorials:</h3>
<b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br />
<h3>
Download:</h3>
<b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Sandcat Browser (Web Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s1600/sandcat+browser+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sandcat browser screenshot" border="0" height="310" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s400-rw/sandcat+browser+screenshot.png" title="sandcat browser screenshot" width="400" /></a></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Sandcat Browser</b> is the fastest web browser combined with the fastest scripting language packed with features for pen-testers<b>. Sandcat Browser</b> is a freeware portable pen-test oriented multi-tabbed  web browser with extensions support developed by the Syhunt team. The <b> Sandcat Browser</b> is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. </div>
<div class="vspace" style="text-align: justify;">
Some of its unique features include: </div>
<ul style="text-align: justify;">
<li><b>Live HTTP Headers</b> — built-in live headers with a dedicated cache per tab and support for preview extensions </li>
<li><b>Sandcat Console</b> — an extensible command line console; Allows you to easily run custom commands and scripts in a loaded page </li>
<li><b>Resources</b> tab  — allows you to view the page resources, such as JavaScript files and other web files. </li>
<li><b>Page Menu</b> extensions — allows you to view details about a page and more. </li>
<li><b>Pen-Tester Tools</b> — Sandcat comes with a  multitude of pen-test oriented extensions. This includes a Fuzzer, a  Script Runner, HTTP & XHR Editors, Request Loader, Request Replay  capabilities and more. </li>
</ul>
<div class="vspace" style="text-align: justify;">
Features inherited from Chromium include: </div>
<ul style="text-align: justify;">
<li><b>Multi-Process Architecture</b> — each tab is its own process </li>
<li><b>Developer Tools</b> — in addition to the Chromium Developer Tools, Sandcat comes with a Source Code Editor and its own JavaScript and Lua consoles. </li>
</ul>
<h3 style="text-align: justify;">
<b> </b></h3>
<h3 style="text-align: justify;">
<b>Tutorials ::</b></h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/xdeXF4F4T_Q?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
<b>Download ::</b></h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://www.syhunt.com/pub/downloads/sandcat-browser-4.4.exe" target="_blank">Sandcat v4.4</a><b> </b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.syhunt.com/?n=Sandcat.Browser">http://www.syhunt.com/?n=Sandcat.Browser</a><b>
</b></div>
<h3 style="text-align: justify;">
</h3>
<div style="text-align: justify;">
</div>

Sandcat Browser (Web Penetration Testing) :: Framework

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers . Sandcat...

AndiParos (Web Application Security Assessments) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600/Andiparos_Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="AndiParos Screenshot" border="0" height="307" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600-rw/Andiparos_Screenshot.png" title="AndiParos Screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Andiparos</b> is a fork of the famous <a href="http://www.toolwar.com/2013/09/paros-proxy-tools.html" rel="" target="_blank">Paros Proxy</a>.
 It is an open source <b>web application security assessment tool</b> that 
gives <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers the ability to spider websites, analyze 
content, intercept and modify requests, etc. </div>
<div style="text-align: justify;">
The advantage of 
<b>Andiparos</b> is mainly the support of Client Certificates on Smartcards. 
Moreover it has several small interface enhancements, making the life 
easier for penetration testers... </div>
<div style="text-align: justify;">
Features: </div>
<ul style="text-align: justify;">
<li>Smartcard support </li>
<li>BeanShell support </li>
<li>History Filter (URLs) </li>
<li>Passive Scanner </li>
<li>Advanced search functionality </li>
<li>MultiTags for request/response </li>
<li>Mark Request/Response </li>
<li>Better<a href="http://www.toolwar.com/search/label/Mac" target="_blank"> Mac OS X</a> integration </li>
<li>other nice enhancements... </li>
</ul>
<h3>
Tutorials ::</h3>
<b>Wiki ::</b> <a href="https://code.google.com/p/andiparos/w/list" target="_blank">Click Here</a>  <br />
<h3>
Download ::</h3>
<b>Linux | Windows | Mac :: </b><a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6.zip" target="_blank">Andiparos v1.0.6</a> (.zip) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6-Installer.exe" target="_blank">Andiparos v1.0.6</a> (.exe) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-v1.0.6.dmg" target="_blank">Andiparos v1.0.6</a> (.dmg) <br />
<b>Source Website :: </b><a href="https://code.google.com/p/andiparos/">https://code.google.com/p/andiparos/</a>

AndiParos (Web Application Security Assessments) :: Tools

Andiparos is a fork of the famous Paros Proxy . It is an open source web application security assessment tool that gives penetration ...

URLCrazy (Check for Mistyped Domain Names) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600/URLCrazy+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="URLCrazy Screenshot" border="0" height="339" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600-rw/URLCrazy+Screenshot.png" title="URLCrazy Screenshot" width="640" /></a></div>
<div style="text-align: justify;">
<b>URLCrazy</b> checks for mistyped domain names of websites.  It can detect 
typo domain squatters and help protect your domain <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> by 
identifying domain names to preemptively register.  It generates 15 
types of typos, including bitflipped domains, knows over 8,000 common 
misspellings and over 450 homophones, supports multiple keyboard 
layouts, checks whether a typo is a valid domain, and can test whether 
domain typos are in use and estimate the popularity of a typo.

Generate and test domain typos and variations to detect and perform 
typo squatting, URL hijacking, phishing, and corporate espionage.</div>
<h3 style="text-align: justify;">
Usage </h3>
<div style="text-align: justify;">
* Detect typo squatters profiting from typos on your domain name<br />
* Protect your brand by registering popular typos<br />
* Identify typo domain names that will receive traffic intended for another domain<br />
* Conduct phishing attacks during a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a></div>
<h3 style="text-align: justify;">
Features</h3>
<div style="text-align: justify;">
* Generates 15 types of domain variants<br />
* Knows over 8000 common misspellings<br />
* Supports cosmic ray induced bit flipping<br />
* Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)<br />
* Checks if a domain variant is valid<br />
* Test if domain variants are in use<br />
* Estimate popularity of a domain variant<br />
* URLCrazy requires Linux and the Ruby interpreter.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<b>Installation :: </b><br />

<span style="font-family: "Courier New",Courier,monospace;">If you are using Ubuntu or Debian try:<br />
 $ sudo apt-get install ruby-1.8</span><br />
  <br />
<h3>
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.morningstarsecurity.com/downloads/urlcrazy-0.5.tar.gz" target="_blank">URLCrazy v0.5</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.morningstarsecurity.com/research/urlcrazy">http://www.morningstarsecurity.com/research/urlcrazy</a></div>

URLCrazy (Check for Mistyped Domain Names) :: Tools

URLCrazy checks for mistyped domain names of websites. It can detect typo domain squatters and help protect your domain security by ...

Fiddler (Web Debugger Proxy) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMGV0ZYokZLN2EHLK6qkK_j46ll8DxX5tNAWsuTWrfhCFoHDzxx4SUQFYGKOWgGNkc3p12cIAU1IWKWCKRo16-Ffc1JXOnqM6M60CPkbbxgDqnRKDKo0SJjH0htwNuFreOKr16MRNlihG/s1600/Fiddler+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMGV0ZYokZLN2EHLK6qkK_j46ll8DxX5tNAWsuTWrfhCFoHDzxx4SUQFYGKOWgGNkc3p12cIAU1IWKWCKRo16-Ffc1JXOnqM6M60CPkbbxgDqnRKDKo0SJjH0htwNuFreOKr16MRNlihG/s1600-rw/Fiddler+logo.png" width="400" /></a></div>
<div style="text-align: justify;">
<b>Fiddler</b> is a <b>Web Debugging Proxy</b> which logs all HTTP(S) traffic between  your computer and the Internet. <b>Fiddler</b> allows you to inspect all  HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing  data. Fiddler includes a powerful event-based scripting subsystem, and  can be extended using any .NET language.</div>
<ul style="text-align: justify;">
<li><b>HTTP/HTTPS Traffic Recording :: </b>Fiddler is a free <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugging</a> proxy which logs all HTTP(s) traffic 
between your computer and the Internet. Use it to debug traffic from 
virtually any application that supports a proxy like IE, Chrome, Safari,
 Firefox, Opera and more.</li>
<li><b>Web Session Manipulation ::</b> Easily manipulate and edit web sessions. All you need to do is set a breakpoints to pause the processing of the session and permit alteration 
of the request/response. You can also compose your own HTTP requests to 
run through <b>Fiddler</b>.</li>
<li><b>Web Debugging :: </b>Debug traffic from PC, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac</a> or <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux systems</a> and <a href="http://www.toolwar.com/search/label/Mobile" target="_blank">mobile devices</a>. Ensure 
the proper cookies, headers and cache directives are transferred between
 the client and server. Supports any framework, including .NET, Java, 
Ruby, etc.</li>
<li><b> Security Testing :: </b>Use <b>Fiddler</b> for <a href="http://www.toolwar.com/search/label/Security" target="_blank">security testing</a> your web applications -- decrypt HTTPS 
traffic, and display and modify requests using a man-in-the-middle 
decryption technique. Configure Fiddler to decrypt all traffic, or only 
specific sessions.</li>
<li><b>Performance Testing :: </b>Fiddler lets you see the “total page weight,” HTTP caching and 
compression at a glance. Isolate performance bottlenecks with rules like
 “Flag any uncompressed responses larger than 25kb.”</li>
<li><b>Customizing Fiddler :: </b>Benefit from a rich extensibility model, ranging from simple 
FiddlerScript to powerful Extensions which can be developed using any 
.NET language.  </li>
<li><div class="sfContentBlock">
<b>Simulate Real User Load Using Fiddler Captures ::</b> Fiddler is an excellent tool for 
understanding the performance of your website, but how does your 
performance change when lots of users are hitting the site? Check out 
Telerik Test Studio powered by Fiddler to get an in-depth understanding 
of how your site performance degrades as the number of users increases.</div>
</li>
</ul>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/gujBKFGwjd4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://www.telerik.com/docs/default-source/fiddler/fiddler4setup.exe?sfvrsn=2" target="_blank">Fiddler v4.4.6.2</a> (.exe) 
<b> </b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.telerik.com/download/fiddler">http://www.telerik.com/download/fiddler</a></div>

Fiddler (Web Debugger Proxy) :: Tools

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect...

QualysGuard (Cloud Security) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Qualys logo" border="0" height="306" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600-rw/qualys-logo.jpeg" title="Qualys logo" width="320" /></a></div>
<div style="text-align: justify;">
<b>QualysGuard</b> is a popular <b>SaaS (software as a service) vulnerability  management</b> offering.  It's web-based UI offers <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> discovery and  mapping, asset prioritization, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> assessment reporting and  remediation tracking according to business risk.  Internal scans are  handled by Qualys appliances which communicate back to the <a href="http://www.toolwar.com/search/label/Cloud" target="_blank">cloud-based</a>  system.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<h3 style="text-align: justify;">
</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/XfeyNLb7ZDc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Cbq5wudtZE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Trial Linux | Mac | Windows :: </b><a href="http://www.qualys.com/forms/trials/qualysguard/" target="_blank">QualysGuard</a><b>
</b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.qualys.com/" target="_blank">http://www.qualys.com/ </a></div>

QualysGuard (Cloud Security) :: Framework

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discov...

Skipfish (Web Application Security Scanner) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600/skipfish+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Skipfish Screenshot" border="0" height="329" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600-rw/skipfish+screenshot.png" title="Skipfish Screenshot" width="640" /></a></div>
<div style="text-align: justify;">
<b><i>Skipfish</i></b> is an active <b>web application security reconnaissance tool</b>. It prepares an interactive sitemap  for the targeted site by carrying out a recursive crawl and  dictionary-based probes. The resulting map is then annotated with the  output from a number of active (but hopefully non-disruptive) <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>  checks. The final report generated by the tool is meant to serve as a  foundation for professional <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> security assessments. </div>
<div style="text-align: justify;">
Key features: </div>
<ul style="text-align: justify;">
<li><b>High speed</b>:  pure C code, highly optimized HTTP handling, minimal CPU footprint -  easily achieving 2000 requests per second with responsive targets. </li>
</ul>
<ul style="text-align: justify;">
<li><b>Ease of use</b>:  heuristics to support a variety of quirky web <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">frameworks</a> and  mixed-technology sites, with automatic learning capabilities, on-the-fly  wordlist creation, and form autocompletion. </li>
</ul>
<ul style="text-align: justify;">
<li><b>Cutting-edge security logic</b>:  high quality, low false positive, differential security checks, capable  of spotting a range of subtle flaws, including blind injection vectors.  </li>
</ul>
<div style="text-align: justify;">
The tool is believed to support <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, FreeBSD, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOS X</a>, and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (Cygwin) environments. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/kqx8rp7Cnwc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows | Mac | Linux ::</b> <a href="http://skipfish.googlecode.com/files/skipfish-2.10b.tgz" target="_blank">Skipfish v2.10b</a> (.tgz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://code.google.com/p/skipfish/">http://code.google.com/p/skipfish/</a></div>

Skipfish (Web Application Security Scanner) :: Tools

Skipfish is an active web application security reconnaissance tool . It prepares an interactive sitemap for the targeted site by carryi...

GoLismero (The Web Knife) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Golismero " border="0" height="380" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600-rw/Golismero+WIndows+Screenshot.png" title="Golismero " width="640" /></a></div>
<div style="text-align: justify;">
<b>GoLismero</b> is an open source framework for <a href="http://www.toolwar.com/search/label/Security" target="_blank"><b>security testing</b></a>. It's 
currently geared towards <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> security, but it can easily be expanded to 
other kinds of scans.</div>
<div style="text-align: justify;">
The most interesting features of the <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> are:</div>
<ul style="text-align: justify;">
<li>Real platform independence. Tested on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, *BSD and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">OS X</a>.</li>
<li>No native library dependencies. All of the framework has been written in pure Python.</li>
<li>Good performance when compared with other frameworks written in Python and other scripting languages.</li>
<li>Very easy to use.</li>
<li>Plugin development is extremely simple.</li>
<li>The framework also collects and unifies the results of well known tools: <a href="http://www.toolwar.com/2013/09/sqlmap-tools.html" target="_blank">sqlmap</a>, xsser, <a href="http://www.toolwar.com/2013/09/openvas-is-advanced-open-source.html" target="_blank">openvas</a>, <a href="http://www.toolwar.com/2013/10/dnsrecon-tools.html" target="_blank">dnsrecon</a>, <a href="http://www.toolwar.com/2013/09/theharvester-tools.html" target="_blank">theharvester</a>...</li>
<li>Integration with standards: CWE, CVE and OWASP.</li>
<li>Designed for cluster deployment in mind (not available yet).</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Installation :: </b> <br />
Strictly speaking, GoLismero doesn't require installation - only its 
dependencies do. So if you want to use it on a system where you don't 
have root privileges, you can ask the system administrator to install 
them for you, and just run the "git checkout" command on your home 
folder.<br />
<b>Briefly Tutorial of Installation :: </b> <a href="https://github.com/golismero/golismero">Click Here</a><br />
<b>Basic Usages ::</b> <a href="https://github.com/golismero/golismero" target="_blank">Click Here</a><br />
<h3>
Download ::</h3>
<b>Linux | Mac | Windows :: </b><a href="https://github.com/golismero/golismero/archive/master.zip" target="_blank">GoLismero Archive</a> (.zip)<b> </b><br />
<b>Official Website :: </b><a href="https://github.com/golismero/golismero" target="_blank">https://github.com/golismero/golismero</a>

GoLismero (The Web Knife) :: Framework

GoLismero is an open source framework for security testing . It's currently geared towards web security, but it can easily be expa...

SAINT 8 (Security Auditing Suite) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="SAINT LOGO" border="0" height="107" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA7ITNbIsTcKUwW4ShEmmGIi_tc3r93_yUAm8uaCmmHsBBhYfr3EemJ8Cqkmicl1Fhpd9D3UxPy_DS7kuqAJEVvVADbttEn7PYmcWl3xA3gQEQWKeMojScYzNb7yO1L08sAs_4K6kEYXHm/s1600-rw/SAINT.jpg" title="SAINT LOGO" width="200" /></div>
<b>SAINT 8</b> is a <b>fully-integrated security tool suite</b> that combines <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability scanning</a>, with <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>, social engineering 
tools and configuration assessments. Use the combined power of these 
tools to identify vulnerabilities on <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices, operating systems,
 desktop applications, <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web applications</a>, databases, and more; run 
packaged penetration tests through pre-configured policies, run 
vulnerability-specific exploits for target-directed investigation; 
execute social engineering through packaged exploit Tools; and execute 
platform-specific configuration auditing, using NIST’s SCAP standards 
and protocols.  <b>SAINT 8 </b>then provides a robust set of <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> and 
reporting features to perform ad hoc analytics, view strategic level 
results across 1 or many assessments, and then build reports from 
pre-defined templates, compliance reports or build your own custom 
reports from over 150 customizable settings. <b>SAINT's</b> current repository 
includes over 4,200 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> checks and 900+ exploits - which span 
over 48,000 Common Vulnerability Exposures (CVEs), plus numerous 
vulnerabilities that do not currently have a CVE assigned. Vulnerability
 checks and exploit development is a daily activity, that includes 
delivery of new checks twice a week, through an automated plug-in. This 
agentless scanning solution can be delivered via a cloud-based version <b>
(WebSAINT Pro 8)</b>, deployed standalone, shared as a server-based 
solution, or as a multi-<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> architecture for large enterprise or 
load balanced scanning.</div>
<br />
<h3>
Tutorials ::</h3>
<b>Video Tutorial :: </b><a href="http://www.youtube.com/watch?v=ibW6gLNYrf8" target="_blank">Click Here </a><br />
<b>Exploit Tools List :: </b><a href="http://www.saintcorporation.com/solutions/exploitTools.html" target="_blank">Click Here</a><b></b><br />
<br />
<h3>
Download :: </h3>
<b>Windows :: </b><a href="https://www.saintcorporation.com/resources/requestEvaluation.html" target="_blank">Request a Evaluation Copy</a><b> </b><br />
<b>Official Website :: </b><a href="https://www.saintcorporation.com/products/SAINT8.html">https://www.saintcorporation.com/products/SAINT8.html</a><br />
<b>Submitted By :: </b>SAINT Corporation <br />
<div style="text-align: justify;">
<br /></div>

SAINT 8 (Security Auditing Suite) :: Framework

SAINT 8 is a fully-integrated security tool suite that combines vulnerability scanning , with penetration testing , social engineering ...

Wafw00f (Web Application Firewall Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wafw00f screenshot" border="0" height="281" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600-rw/wafw00f+screenshot.JPG" title="wafw00f screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Web Application Firewalls (WAFs) </b>can be detected through 
stimulus/response testing scenarios. Here is a short listing of possible
 detection methods:
</div>
<ul style="text-align: justify;">
<li><b>Cookies</b>: Some WAF products add their own cookie in the HTTP communication.
</li>
<li><b>Server Cloaking</b>: Altering URLs and Response Headers
</li>
<li><b>Response Codes</b>: Different error codes for hostile pages/parameters values
</li>
<li><b>Drop Action</b>: Sending a FIN/RST packet (technically could also be an IDS/IPS)
</li>
<li><b>Pre Built-In Rules</b>: Each WAF has different negative security signatures
</li>
</ul>
<div style="text-align: justify;">
<b>WafW00f </b>is based on these assumptions to determine remote WAFs. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<pre>$ <b>python wafw00f.py http://www.aldeid.com</b>
                                ^     ^
       _   __  _   ____ _   __  _    _   ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
     | V V // o // _/ | V V // 0 // 0 // _/  
     |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/    
                               <   
                                ...'
                                
   WAFW00F - Web Application Firewall Detection Tool
   
   By Sandro Gauci && Wendel G. Henrique

Checking http://www.aldeid.com
Generic Detection results:
The site http://www.aldeid.com <span style="background: #ffff00; color: black;">seems to be behind a WAF </span>
Reason: Blocking is being done at connection/packet level.
Number of requests: 13</pre>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<pre>$ <b>cd /data/pentest/web/</b>
$ <b>svn checkout <a class="external free" href="http://waffit.googlecode.com/svn/trunk/" rel="nofollow" target="_blank">http://waffit.googlecode.com/svn/trunk/</a> waffit-read-only</b></pre>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.aldeid.com/wiki/Wafw00f">http://www.aldeid.com/wiki/Wafw00f</a></div>

Wafw00f (Web Application Firewall Detection) :: Tools

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detec...

BlindElephant (Web Application Fingerprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600/BlindElephant+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="287" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600-rw/BlindElephant+logo.png" width="320" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The <b>BlindElephant</b> is a <b>Web Application Fingerprinter</b> attempts to discover the 
version of a (known) <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> by comparing static files at known 
locations against precomputed <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hashes</a> for versions of those files in all 
all available releases. The technique is fast, low-bandwidth, 
non-invasive, generic, and highly automatize. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Discussion and Forum :: </b><a href="http://www.qualys.com/blindelephant" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Installation ::</b></div>
<div style="text-align: justify;">
Installation is only required if you plan to use BlindElephant as a 
library. Make sure that your <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> installation has distutils, and then
 do: </div>
<div style="text-align: justify;">
<span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code>cd blindelephant/src</code><code>sudo python setup.py install</code></span></span></div>
<br />
<b>Example Usage (Command Line) :: </b><br />

setup.py will have placed BlindElephant.py in your /usr/local/bin dir. 
<br />
<pre style="border-left: 5px solid #ddd; padding: 10px;"><span style="font-family: "Courier New",Courier,monospace;">$ BlindElephant.py 
Usage: BlindElephant.py [options] url appName

Options:
  -h, --help            show this help message and exit
  -p PLUGINNAME, --pluginName=PLUGINNAME
                        Fingerprint version of plugin (should apply to web app
                        given in appname)
  -s, --skip            Skip fingerprinting webpp, just fingerprint plugin
  -n NUMPROBES, --numProbes=NUMPROBES
                        Number of files to fetch (more may increase accuracy).
                        Default: 15
  -w, --winnow          If more than one version are returned, use winnowing
                        to attempt to narrow it down (up to numProbes
                        additional requests).
  -l, --list            List supported webapps and plugins

Use "guess" as app or plugin name to attempt to attempt to
discover which supported apps/plugins are installed.

$ python BlindElephant.py http://laws.qualys.com movabletype
Loaded /usr/local/lib/python2.6/dist-packages/blindelephant/dbs/movabletype.pkl with 96 versions, 2229 differentiating paths, and 209 version groups.
Starting BlindElephant fingerprint for version of movabletype at http://laws.qualys.com

Fingerprinting resulted in:
4.22-en
4.22-en-COM
4.23-en
4.23-en-COM

Best Guess: 4.23-en-COM</span>
</pre>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code><span style="font-family: "Helvetica Neue",Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>More Help :: </b><a href="http://sourceforge.net/p/blindelephant/code/HEAD/tree/trunk/" target="_blank">Click Here</a></span></span> </code></span></span></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: left;">
<b>Linux Command  :: </b><code>svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant</code></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://blindelephant.sourceforge.net/">http://blindelephant.sourceforge.net/</a></div>

BlindElephant (Web Application Fingerprinting) :: Tools

The BlindElephant is a Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing sta...

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600/IronWASP+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="IronWASP Screenshot" border="0" height="222" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600-rw/IronWASP+Screenshot.png" title="IronWASP Screenshot" width="640" /></a></div>
<b>IronWASP (Iron Web application Advanced Security testing Platform)</b> is an  open source <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> for <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> application <a href="http://www.toolwar.com/search/label/Vulenrability" target="_blank">vulnerability</a> testing. It is  designed to be customizable to the extent where users can create their  own custom <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners</a> using it.         Though an advanced user with <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>/Ruby scripting expertise  would be able to make full use of the platform, a lot of the tool's  features are simple enough to be used by absolute beginners. </div>
<div style="text-align: justify;">
<b>IronWASP</b> has a plugin system that supports Python and Ruby. The version  of Python and Ruby used in <b>IronWASP</b> is IronPython and IronRuby which is  syntactically similar to CPython and CRuby. However some of the standard  libraries might not be available, instead plugin authors can make use  of the powerful IronWASP API.                   </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>IronWASP Blog : : </b><a href="http://blog.ironwasp.org/" target="_blank">Click Here </a></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/yUoPRnEf22I?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://ironwasp.org/ironwasp.zip" target="_blank">IronWASP v0.9.7.5</a><b> </b>(.zip)</div>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<div style="text-align: justify;">
<b><span style="font-family: "Courier New",Courier,monospace;">wget http://blog.anantshri.info/content/uploads/2013/01/ironwasp_installer.sh.txt -O ~/ironwasp_installer.sh && sh ~/ironwasp_installer.sh </span></b></div>
<div style="text-align: justify;">
<b>Mac :: </b>IronWASP runs on Mac with <a href="http://www.codeweavers.com/products/">CrossOver</a>.</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://ironwasp.org/">http://ironwasp.org/</a></div>

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testin...

Subscribe to: Comments ( Atom )