ToolWar | Information Security (InfoSec) Tools: OWASP

OWASP Androick (Forensic Analysis on Android) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Android Forensics" border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZJ_1RDUELmZ8Hp8cgrssB5b0X5mgQR8j1Vwh1HV1yITtkSA9nd57u9Vod3tLTOgvRJRdActpiJ0szI73A-Y38mXv3e43879WHZ30qYNoak_X9fz6wcJjDDe8pYSZc4iYwuJFzZmPMKizj/s1600/Android+Forensics.jpg" title="Android Forensics" width="400" /></div>
<div style="text-align: justify;">
<b>OWASP Androick</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on android</b>.
Put the package name, some options and the programm will download 
automatically apk, datas, files permissions, manifest, databases and 
logs.
It is easy to use and avoid all repetitives tasks !</div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div style="text-align: justify;">
<b>Usages :: </b></div>
<pre><code><span style="font-family: "Courier New",Courier,monospace;">1) show help message
    ./androick.py -h
</span>
2) show informations
    ./androick.py -a

3) select device to use
    ./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
    ./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...

4) find package name
    ./androick.py [-v] -f <Part of package name>

5) download all related things of application
    ./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...

6) select only things you want extract
    ./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] </code></pre>
<pre><code>[-m --memory-dump]  [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...

7) how to use option --keyLogs
        --keyLogs="key1,key2,key3"
    if more than one package
        --keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3" </code></pre>
<pre><code> </code></pre>
<pre><code>Example :
./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player

/!\ The memory dump option will mostly not works with production builds </code></pre>
<h2>
<a class="anchor" href="https://github.com/Flo354/Androick#author" name="user-content-author"></a><code> </code></h2>
<h3 style="text-align: justify;">
Dependencies ::</h3>
<div style="text-align: justify;">
Python - Python >=2.6 | Python Magic</div>
<div style="text-align: justify;">
SDK - aapt | adb | hprof-conv</div>
<div style="text-align: justify;">
Others - a rooted device | sqlite3</div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Windows | Linux | Mac :: </b><a href="https://github.com/Flo354/Androick/archive/master.zip" target="_blank">OWASP Androick</a><b> </b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="https://www.owasp.org/index.php/OWASP_Androick_Project">https://www.owasp.org/index.php/OWASP_Androick_Project</a></div>

OWASP Androick (Forensic Analysis on Android) :: Tools

OWASP Androick is a python tool to help in forensics analysis on android . Put the package name, some options and the programm will dow...

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="OWASP iOSForensics" border="0" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVLCKwgu3zOqgZkzDNIxnBt6nCpUZPd2gX3PNuOAtqysK41AnLv8Yicnn5Jgj86S9f4u3QXuw29oLRJLVkYa4JbGB_6UDqINyA0snRuKK-rGGhtp-8MZRzGoaJqm0heDkj6NmbBr9scPd_/s1600/iOSForensics.jpg" title="OWASP iOSForensics" width="640" /></div>
<div style="text-align: justify;">
<b>OWASP iOSForensic</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on iOS</b>. It get files, logs, extract sqlite3 databases and uncompress .plist files in xml.
<b>OWASP iOSForensic</b> is free to use. It is licensed under the GNU GPL v3 
License, so you can copy, distribute and transmit the work, and you can 
adapt it, and use it commercially, but all provided that you attribute 
the work and if you alter, transform, or build upon this work, you may 
distribute the resulting work only under the same or similar license to 
this one. </div>
<h3 style="text-align: justify;">
Features :: </h3>
OWASP iOSForensic  provides:
<br />

<ul>
<li> Application's files
</li>
<li> Conversion of .plist files in XML
</li>
<li> Extract all databases
</li>
<li> Conversion of binary cookies
</li>
<li> Application's logs
</li>
<li> A List of all packages
</li>
<li> Extraction multiple packages </li>
</ul>
<h3>
Tutorials :: </h3>
<b>Usages :: </b><br />
<ul class="task-list">
<li>  -h --help : show help message</li>
<li>  -a --about : show informations</li>
<li>  -v --verbose : verbose mode</li>
<li>  -i --ip : local ip address of the iOS terminal</li>
<li>  -p --port : ssh port of the iOS terminal (default 22)</li>
<li>  -P --password : root password of the iOS terminal (default alpine)</li>
</ul>
<b>Examples :: </b> <br />
<br />
<pre><code>./iOSForensic.py -i 192.168.1.10 [OPTIONS] APP_NAME.app INCOMPLETE_APP_NAME APP_NAME2_WITHOUT_DOT_APP
./iOSForensic.py -i 192.168.1.10 -p 1337 -P pwd MyApp.app angry MyApp2</code></pre>
<h3>
Download ::</h3>
<b>Linux :: </b><a href="https://github.com/Flo354/iOSForensic/archive/master.zip" target="_blank">OWASP iOSForensics</a><br />
<b>Official Website :: </b><a href="https://www.owasp.org/index.php/Projects/OWASP_iOSForensic">https://www.owasp.org/index.php/Projects/OWASP_iOSForensic</a><br />
<div style="text-align: justify;">
<br /></div>

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

OWASP iOSForensic is a python tool to help in forensics analysis on iOS . It get files, logs, extract sqlite3 databases and uncompress ...

Xenotix XSS Exploit Framework v4.5 :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.owasp.org/images/9/98/Xenotix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Xenotix XSS Framework" border="0" height="237" src="https://www.owasp.org/images/9/98/Xenotix.png" title="Xenotix XSS Framework" width="400" /></a></div>
<div style="text-align: justify;">
<b>OWASP Xenotix XSS Exploit Framework</b> is an advanced <a href="http://www.toolwar.com/search/label/XSS" target="_blank">Cross Site  Scripting (XSS)</a> vulnerability detection and exploitation <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. It  provides Zero False Positive scan results with its unique Triple Browser  Engine (Trident, WebKit, and Gecko) embedded <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner.</a> It is claimed to  have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS  Payloads for effective XSS vulnerability detection and WAF Bypass. It  is incorporated with a feature rich <a href="http://www.toolwar.com/search/label/Information-Gathering" target="_blank">Information Gathering</a> module for  target Reconnaissance. The Exploit Framework includes highly offensive  XSS <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> modules for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration</a> Testing and Proof of Concept  creation. </div>
<div style="text-align: justify;">
<div style="border: none; color: black; font-size: 120%; margin: 0;">
<br />
<span style="font-size: small;"><b>SCANNER MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">Manual Mode Scanner
</span></li>
<li><span style="font-size: small;">Auto Mode Scanner
</span></li>
<li><span style="font-size: small;">DOM Scanner
</span></li>
<li><span style="font-size: small;">Multiple Parameter Scanner
</span></li>
<li><span style="font-size: small;">POST Request Scanner
</span></li>
<li><span style="font-size: small;">Header Scanner
</span></li>
<li><span style="font-size: small;">Fuzzer
</span></li>
<li><span style="font-size: small;">Hidden Parameter Detector
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>INFORMATION GATHERING MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">WAF Fingerprinting
</span></li>
<li><span style="font-size: small;">Victim Fingerprinting
</span></li>
<li><span style="font-size: small;">Browser Fingerprinting
</span></li>
<li><span style="font-size: small;">Browser Features Detector
</span></li>
<li><span style="font-size: small;">Ping Scan
</span></li>
<li><span style="font-size: small;">Port Scan
</span></li>
<li><span style="font-size: small;">Internal Network Scan
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>EXPLOITATION MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">Send Message
</span></li>
<li><span style="font-size: small;">Cookie Thief
</span></li>
<li><span style="font-size: small;">Phisher
</span></li>
<li><span style="font-size: small;">Tabnabbing
</span></li>
<li><span style="font-size: small;">Keylogger
</span></li>
<li><span style="font-size: small;">HTML5 DDoSer
</span></li>
<li><span style="font-size: small;">Load File
</span></li>
<li><span style="font-size: small;">Executable Drive By
</span></li>
<li><span style="font-size: small;">JavaScript Shell
</span></li>
<li><span style="font-size: small;">Reverse HTTP WebShell
</span></li>
<li><span style="font-size: small;">Drive-By Reverse Shell
</span></li>
<li><span style="font-size: small;">Metasploit Browser Exploit
</span></li>
<li><span style="font-size: small;">Firefox Reverse Shell Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Session Stealer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Keylogger Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox DDoSer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Linux Credential File Stealer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Download and Execute Addon (Persistent)
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>UTILITY MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">WebKit Developer Tools
</span></li>
<li><span style="font-size: small;">Payload Encoder
</span></li>
<li><span style="font-size: small;">JavaScript Beautify
</span></li>
<li><span style="font-size: small;">Hash Calculator
</span></li>
<li><span style="font-size: small;">Hash Detector
</span></li>
</ul>
</div>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dCo5BCJWOdA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Windows :: </b><span style="color: #3d85c6;"><span style="background-color: white;"><a href="http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rarhttp://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar" target="_blank">OWASP Xenotix v4.5</a> </span></span></div>
<div style="text-align: justify;">
<b>Official Websites :: </b>http://www.owasp.org/</div>
</div>

Xenotix XSS Exploit Framework v4.5 :: Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework . It...

CSRFTester (CSRF Vulnerability Tester) :: Tools

<div style="text-align: justify;">
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s1600/CSRF-tester+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="csrf tester screenshot" border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s400/CSRF-tester+screenshot.png" title="csrf tester screenshot" width="400" /></a> </div>
<b>OWASP CSRFTester</b> is a tool for <b>testing CSRF vulnerability in websites</b>. Just when developers are starting to run in circles over Cross Site  Scripting, the 'sleeping giant' awakes for yet another web-catastrophe.<b>  Cross-Site Request Forgery (CSRF) </b>is an attack whereby the victim is  tricked into loading information from or submitting information to a web  application for which they are currently authenticated. The problem is  that the web application has no means of verifying the integrity of the  request. The <b>OWASP CSRFTester </b>Project attempts to give developers the  ability to test their applications for CSRF flaws. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Luocnr0t8_o?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Zip :: </b><a href="https://www.owasp.org/images/0/08/CSRFTester-1.0.zip" target="_blank">CSRFTester-1.0.zip</a><br />
<b>Official Website :: </b> <a href="https://www.owasp.org/">https://www.owasp.org/</a></div>

CSRFTester (CSRF Vulnerability Tester) :: Tools

OWASP CSRFTester is a tool for testing CSRF vulnerability in websites . Just when developers are starting to run in circles over Cross...

SRDF - Security Research and Development Framework :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="SRDF - Security Research and Development Framework" border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGnFfLl9tWVJH2zHKe7QLRdJ4tE1-4JAVwWqtOKo-ds-ItC_74qf8W7on7y6J8LHN7QOoORnyUYL9kjj92u8pROLRqs2-pzuPS2_fdPhfbbIAtfarXwCUSP_srtZSZgrFQ8NKSyvpKJCAy/s640/SRDF+Logo.jpg" title="SRDF - Security Research and Development Framework" width="640" /></div>
<div style="text-align: justify;">
<b>SRDF - Security Research and Development Framework</b> is a free open source <i>Development Framework</i> created to support <i>
writing security tools and malware analysis tools</i>. And to convert the 
security researches and ideas from the theoretical approach to the 
practical implementation.  </div>
<div style="text-align: justify;">
This development framework created 
mainly to support the malware field to create malware analysis tools and
 anti-virus tools easily without reinventing the wheel and inspire the 
innovative minds to write their researches on this field and implement 
them using SRDF. </div>
<h3 style="text-align: justify;">
<span style="font-size: large;"><b>Introduction:</b></span> </h3>
<div style="text-align: justify;">
In the 
last several years, the malware black market grows widely. The 
statistics shows that the number of new viruses increased from 300,000 
viruses to millions and millions nowadays. </div>
<div style="text-align: justify;">
The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame. </div>
<div style="text-align: justify;">
The
 malware field is searching for new technologies and researches, 
searching for united community can withstand against these attacks. And 
that’s why SRDF </div>
<div style="text-align: justify;">
The SRDF is not and will not be developed by one 
person or a team. It will be developed by a big community tries to share
 their knowledge and tools inside this Framework </div>
<div style="text-align: justify;">
SRDF still not 
finished … and it will not be finished as it’s a community based 
framework developed by the contributors. We just begin the idea. </div>
<div style="text-align: justify;">
The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section. </div>
<h3 style="text-align: justify;">
<span style="font-size: large;"><b>The Features:</b></span> </h3>
<div style="text-align: justify;">
Before
 talking about SRDF Design and structure, I want to give you what you 
will gain from SRDF and what it could add to your project. </div>
<div style="text-align: justify;">
In User-Mode part, SRDF gives you many helpful tools … and they are: </div>
<ul style="text-align: justify;">
<li>Assembler and Disassembler </li>
</ul>
<ul style="text-align: justify;">
<li>x86 Emulator </li>
</ul>
<ul style="text-align: justify;">
<li>Debugger </li>
</ul>
<ul style="text-align: justify;">
<li>PE Analyzer </li>
</ul>
<ul style="text-align: justify;">
<li>Process Analyzer (Loaded DLLs, Memory Maps … etc) </li>
</ul>
<ul style="text-align: justify;">
<li>MD5, SSDeep and Wildlist Scanner (YARA) </li>
</ul>
<ul style="text-align: justify;">
<li>API Hooker and Process Injection </li>
</ul>
<ul style="text-align: justify;">
<li>Backend Database, XML Serializer </li>
</ul>
<ul style="text-align: justify;">
<li>And many more </li>
</ul>
<div style="text-align: justify;">
In
 the Kernel-Mode part, it tries to make it easy to write your own filter
 device driver (not with WDF and callbacks) and gives an easy, object 
oriented (as much as we can) development framework with these features: </div>
<ul style="text-align: justify;">
<li>Object-oriented and easy to use development framework </li>
</ul>
<ul style="text-align: justify;">
<li>Easy IRP dispatching mechanism </li>
</ul>
<ul style="text-align: justify;">
<li>SSDT Hooker </li>
</ul>
<ul style="text-align: justify;">
<li>Layered Devices Filtering </li>
</ul>
<ul style="text-align: justify;">
<li>TDI Firewall </li>
</ul>
<ul style="text-align: justify;">
<li>File and Registry Manager </li>
</ul>
<ul style="text-align: justify;">
<li>Kernel Mode easy to use internet sockets </li>
</ul>
<ul style="text-align: justify;">
<li>Filesystem Filter </li>
</ul>
<div style="text-align: justify;">
Still the Kernel-Mode in progress and many features will be added in the near future. </div>
<h3 style="text-align: justify;">
Download ::  </h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://srdf.googlecode.com/files/SRDF-v1.00.rar" target="_blank">SRDF v1.0</a></div>
<div style="text-align: justify;">
<b>Help & Official Website :: </b>https://www.owasp.org/</div>

SRDF - Security Research and Development Framework :: Framework

SRDF - Security Research and Development Framework is a free open source Development Framework created to support writing security too...

OWASP Bricks (Web Application Security Learning Platform) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="owasp bricks logo toolwar" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxsW3jxRxCdfOllufBaZ0_uBwcmN-L7j2Fru8xOc1lTFeRLUMkcvyN_lnUYOrjG-Cv-Kr7b_qYk_j1a9LcRAikKyTgFkdJ9FQiNFFmJxMlrHdzndXtyTN6QhxPsCgBWGFX6oyy1lcxLLeR/s200/owasp+bricks+logo+toolwar.png" title="owasp bricks logo toolwar" width="199" /></div>
<div style="text-align: justify;">
<b>OWASP Bricks</b> is a <i>Web application security learning platform</i> built on PHP and MySQL. <b>Bricks</b> is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.</div>
<b></b><br />
<b></b><br />
<b></b><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/j5I0wPvQxTg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mCo6ajvBv50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>D</b><b>ownload Here :: </b><a href="http://sourceforge.net/projects/owaspbricks/files/Atrai%20-%201.8/OWASP%20Bricks%20-%20Atrai.zip/download" target="_blank">OWASP Bricks v1.8</a><br />
<b>Official Website :: </b>http://sechow.com/<b><br /></b></div>

OWASP Bricks (Web Application Security Learning Platform) :: Framework

OWASP Bricks is a Web application security learning platform built on PHP and MySQL. Bricks is a deliberately vulnerable web applicat...

Owasp Mantra (Browser Based Web Security Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Owasp Mantra logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRrctdBWOhmYDQr246V7zjjW9kQoBxnS08108GujNouk7J1REEDUIjd6xdFgb7tlZvc9AGb1xJ1_E1wXBIkhT4Rg6ILFmQmUQkgns4JDBPiUh4Juv9Xy6p3vvVRuT2Wt2AqC8o3fI5OSGf/s1600/Owasp+Mantra+Logo.jpg" title="Owasp Mantra logo" /></div>
<b></b><br />
<div style="text-align: justify;">
<b><span itemprop="description">OWASP Mantra</span></b><span itemprop="description"> is a  Free and Open Source <i>Browser Based Web Security Framework</i></span><b>. OWASP Mantra</b> is a collection of free and open source  tools integrated into a web browser, which can become handy for  students, penetration testers, web application developers,security  professionals etc. It is portable, ready-to-run, compact and follows the  true spirit of free and open source software. </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>OWASP Mantra</b>  is lite, flexible, portable and user friendly with a nice graphical  user interface. You can carry it in memory cards, flash drives, CD/DVDs,  etc. It can be run natively on Linux, Windows and Mac platforms. It can  also be installed on to your system within minutes. Mantra is  absolutely free of cost and takes no time for you to set up. </div>
<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/CRJkGZlV6Vk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download" target="_blank">OWASP Mantra</a> (for Windows)<b>
</b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download" target="_blank"> OWASP Mantra</a> (for Linux)<b> </b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download" target="_blank"> OWASP Mantra </a>(for MAC)<b> </b></div>
<div style="text-align: justify;">
<b>Official Website ::</b>  http://www.getmantra.com/</div>
</div>

Owasp Mantra (Browser Based Web Security Framework) :: Framework

OWASP Mantra is a Free and Open Source Browser Based Web Security Framework . OWASP Mantra is a collection of free and open source ...

Zed Attack Proxy ( Zaproxy ) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="ZAProxy Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmu0fkacdAzN-GWTtIyI1XINok6jSC1qVPlNiE4-TnxAZ1UesBgsD1o8zq0598LWwrn0_K48Bo-3AMzgdRMhxFYo6Sh3Ze0nN4RV2sTOxOO0ZL0ixnKLkIUryAOAPhyphenhypheng44Kda8MJxtYJxR/s1600/Zed+Attack+Proxy+Logo.png" title="ZAProxy logo" /></div>
<div style="text-align: justify;">
The <b>Zed Attack Proxy (ZAP)</b> is an easy to use integrated penetration  testing tool for finding <b>vulnerabilities in web applications.</b> It is designed to be used by people with a wide range of security  experience and as such is ideal for developers and functional testers  who are new to penetration testing. <b>ZAProxy</b> provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/a-lJafBdAeM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<b>
</b> <b> </b><br />
<b>Download Here :: </b><a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Mac_OS_X.zip" target="_blank">ZAP 2.2.1 MAC-OS.zip</a> (for MAC OS)
                          <br />
                               <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Windows.exe" target="_blank">ZAP 2.2.1.exe </a>(for Windows) 
                           <br />
                               <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Linux.tar.gz" target="_blank">ZAP 2.2.1.tar.gz</a> (for Linux)
<b> </b><br />
<b>Official Website ::</b> https://www.owasp.org/</div>

Zed Attack Proxy ( Zaproxy ) :: Tools

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It ...

WebScarab :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="WebScarab logo" border="0" height="159" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhkWpAj2eaWjfaiRF-kl2zXVpEPL7S4jyMW_aEtMjXRwyMaX4VfXV0KE0OQ1qDGVg9eWIyjep_NOmHixtl2M4v5vjJyd-Fiv8Q-BjtyY0HjYLNLPnZIZdw9WPscVa1OREn53vB1oEb8Hod/s200/webscarab.png" title="WebScarab logo" width="159" /></div>
<div style="text-align: justify;">
<b>WebScarab</b> is a framework that analyze applications that communicate  using the HTTP and HTTPS protocols. It is <i>written in Java</i>, and is thus  portable to many platforms. <b>WebScarab</b> has several modes of operation,  implemented by a number of plugins. In its most common usage, <b>WebScarab</b>  operates as an intercepting proxy, allowing the operator to review and  modify requests created by the browser before they are sent to the  server, and to review and modify responses returned from the server  before they are received by the browser. <b>WebScarab</b> is able to intercept  both HTTP and HTTPS communication. The operator can also review the  conversations (requests and responses) that have passed through  <b>WebScarab. </b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/je8WEuV320g?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a class="name" href="http://sourceforge.net/projects/owasp/files/WebScarab/20070504-1631/webscarab-installer-20070504-1631.jar/download" title="Click to download webscarab-installer-20070504-1631.jar">webscarab-installer-20070504-1631.jar</a></div>
<div style="text-align: justify;">
                               <a class="name" href="http://sourceforge.net/projects/owasp/files/WebScarab/20070504-1631/webscarab-src-20070504-1631.zip/download" title="Click to download webscarab-src-20070504-1631.zip">webscarab-src-20070504-1631.zip</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b>https://www.owasp.org/<b> </b></div>
</div>

WebScarab :: Tools

WebScarab is a framework that analyze applications that communicate using the HTTP and HTTPS protocols. It is written in Java , and is...

Subscribe to: Posts ( Atom )