ToolWar | Information Security (InfoSec) Tools: Web

Kippo (Medium Interaction SSH honeypot) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="honeypot logo" border="0" height="147" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrUVnK5ckDMkuVIbcWb8PF91rmwlb202CsV5COPsOlOiB9OW8Kf3estPjnnsJ6541JweeCI7JeDX-vx7oaPW0hMvub34spaMUEdGh-MXyBI-z7LolJEQMxbiOP3YbNt9dKiStrduzDLTvT/s200-rw/honeypot_icon.jpg" title="honeypot logo" width="200" /></div>
<div style="text-align: justify;">
<b>Kippo</b> is a <i>medium interaction SSH honeypot</i> designed to log brute force  attacks and, most importantly, the entire shell interaction performed by  the attacker. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;">Features</span></div>
<div style="text-align: justify;">
Some interesting features: </div>
<ul style="text-align: justify;">
<li>Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included </li>
<li>Possibility  of adding fake file contents so the attacker can 'cat' files such as  /etc/passwd. Only minimal file contents are included  </li>
<li>Session logs stored in an UML compatible  format for easy replay with original timings  </li>
<li>Just like Kojoney, Kippo saves files downloaded with wget for later inspection </li>
<li>Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc  </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7ACOXgeX3ik?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://kippo.googlecode.com/files/kippo-0.8.tar.gz" target="_blank">Kippo v0.8.tar.gz</a></div>
<div style="text-align: justify;">
<b>Source :: </b> http://code.google.com/p/kippo/</div>
</div>

Kippo (Medium Interaction SSH honeypot) :: Tools

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction pe...

Belch (Binary Protocol Pen-Testing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="binary penetration toolwar" border="0" height="225" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghScz4peffH3Ja7mGFWJDPwhNDV6F4dfiL3mFvd9W2fuHuDBj4LvJqkwRydZCF__q-Jqq-K6-2OXS-TClsJUkaXYlrCPp9PFm8VAOBw9kSfvH6lN6y8ylw5xcy5epYUTDvXIBCmCMXlHKl/s400-rw/binary+penetration+toolwar.jpg" title="binary penetration toolwar" width="400" /></div>
<span style="font-family: inherit;"><b>Belch</b> is a B<i>inary Protocol Pen-Testing Tool.</i> It is used to aid in automation of testing AMF and Java-Serialization applications.</span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"> </span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><b>Belch</b>  performs on the fly transformation of binary data to human readable XML  format. It was tested successfully against AMF version 3 and Java  Serialization applications. Belch can be used as a translation peer for  any Automatic scanner integrating automatic testing to the binary  communication. Belch has been tested with various scanners such as  BurpSuite, Accunetix, AppScan, Sqlmap etc.</span></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/6wiCy3yZvl4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b><span style="font-family: inherit;">Download Here ::</span></b><span style="font-family: inherit;"> <a href="https://www.appsec-labs.com/system/files/Belch_1.0.13.zip" target="_blank">Belch 1.0.13 (Windows)</a></span><b><span style="font-family: inherit;">
</span></b></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><b>Official Website :: </b>https://appsec-labs.com/ </span></div>
</div>

Belch (Binary Protocol Pen-Testing) :: Tools

Belch is a B inary Protocol Pen-Testing Tool. It is used to aid in automation of testing AMF and Java-Serialization applications. ...

SSL Vulnerability Analyzer :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH12DB6_ms3O3s1_td8BwM7StWC_nv4S2ExjursWZTouuu445awygxmJEjwkFBQ0YsXbsZFoHvtP3lH0D5vlc-ZXpPbRGp9kb5moG1o_dK7LjMhPelK6CgYkRdbRcbRtGtRxmmoQ5qcQGU/s1600/ssl+vulnerability+analyzer+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="SSL Vulnerability Analyzer toolwar" border="0" height="320" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH12DB6_ms3O3s1_td8BwM7StWC_nv4S2ExjursWZTouuu445awygxmJEjwkFBQ0YsXbsZFoHvtP3lH0D5vlc-ZXpPbRGp9kb5moG1o_dK7LjMhPelK6CgYkRdbRcbRtGtRxmmoQ5qcQGU/s320-rw/ssl+vulnerability+analyzer+toolwar.png" title="SSL Vulnerability Analyzer toolwar" width="264" /></a></div>
<div style="text-align: justify;">
The <b>SSL Vulnerabilities Analyzer</b> is designed for website owners and 
security testers. The tool takes a domain and/or IP address, tests the 
encryptions and algorithms supported by them and analyzes the results in
 a graphic form, reporting problematic encryption methods.</div>
<div style="text-align: justify;">
PS, the browser may warn you about a danger file, but it's because that the zip file contains an installation file.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Help/Tutorial :: </b><a href="https://appsec-labs.com/SSL_Analyzer/help" target="_blank">Click Here</a> </div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="https://appsec-labs.com/sites/default/files/d/tools/SSL_Vulnerabilities_analyzer/SSL_Analyzer_v1.1.zip" target="_blank">SSL Vulnerability Analyzer</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b>https://appsec-labs.com/ </div>
</div>

SSL Vulnerability Analyzer :: Tools

The SSL Vulnerabilities Analyzer is designed for website owners and security testers. The tool takes a domain and/or IP address, tes...

WAppEx (Web Application Exploiter) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s1600/wappex+screenshot+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="WAppEx Screenshot ToolWar" border="0" height="235" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s400-rw/wappex+screenshot+toolwar.png" title="WAppEx Screenshot ToolWar" width="400" /></a></div>
<div style="text-align: justify;">
<b>WAppEx</b> is an integrated <i>Web Application security</i>  assessment and exploitation platform designed with the whole spectrum of  security professionals to web application hobbyists in mind. It  suggests a security assessment model which revolves around an extensible  exploit database. Further, it complements the power with various tools  required to perform all stages of a web application attack.</div>
<div style="text-align: justify;">
The Exploit Database contains the all the logic associated with  trivial fingerprinting, exploitation techniques, and payloads that  address a wide range of web application vulnerabilities with the  emphasis being on high-risk and zero-day vulnerabilities.</div>
<div style="text-align: justify;">
Some of the vulnerabilities already bundled within the Exploit  Database include Local File Disclosure (LFD), Local File Inclusion  (LFI), Remote File Inclusion (RFI), SQL Injection (SQLI), Remote OS  Command Execution (RCE), and Server-side Code Injection (SCI). WAppEx  can detect these vulnerabilities in a target, take full advantage of it,  and through neatly designed payload codes get as much access to the  exploited target as possible in as short a time as possible. Some of the  payloads included within the database are various reverse shells,  arbitrary code execution, command execution, arbitrary file upload…</div>
<div style="text-align: justify;">
Since all the attack logic rests in the form of scripts within the  Exploit Database, it is easily extensible, flexible and updatable  through community servers. Users, too, can add mature, sophisticated  exploits and payloads in the same fashion. The database grows on a daily  basis, and our dedicated team of research and development are working  non-stop to maintain the richest, most up-to-date aggregate of exploits.  The number of exploits is soon bound to surpass hundreds. Meanwhile,  users can share their own created exploits and payloads with the  community and contribute to this growing momentum.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/6IXFN5fTvNk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://itsecteam.com/counter/?files=WAppEx/WAppEx2.0.exe" target="_blank">WAppEx 2.0.exe</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://www.itsecteam.com/ </div>
</div>

WAppEx (Web Application Exploiter) :: Tools

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security p...

OWASP Bricks (Web Application Security Learning Platform) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="owasp bricks logo toolwar" border="0" height="200" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxsW3jxRxCdfOllufBaZ0_uBwcmN-L7j2Fru8xOc1lTFeRLUMkcvyN_lnUYOrjG-Cv-Kr7b_qYk_j1a9LcRAikKyTgFkdJ9FQiNFFmJxMlrHdzndXtyTN6QhxPsCgBWGFX6oyy1lcxLLeR/s200-rw/owasp+bricks+logo+toolwar.png" title="owasp bricks logo toolwar" width="199" /></div>
<div style="text-align: justify;">
<b>OWASP Bricks</b> is a <i>Web application security learning platform</i> built on PHP and MySQL. <b>Bricks</b> is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.</div>
<b></b><br />
<b></b><br />
<b></b><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/j5I0wPvQxTg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mCo6ajvBv50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>D</b><b>ownload Here :: </b><a href="http://sourceforge.net/projects/owaspbricks/files/Atrai%20-%201.8/OWASP%20Bricks%20-%20Atrai.zip/download" target="_blank">OWASP Bricks v1.8</a><br />
<b>Official Website :: </b>http://sechow.com/<b><br /></b></div>

OWASP Bricks (Web Application Security Learning Platform) :: Framework

OWASP Bricks is a Web application security learning platform built on PHP and MySQL. Bricks is a deliberately vulnerable web applicat...

Revenssis (Penetration Testing Suite for Android Devices) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
 <img alt="revenssis logo toolwar" border="0" height="320" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5akPP1gYogJsMY0bpiMUplwpdcoAnNdS8L6KM7gDgc3SKxos7q-Nq9vqTkjw6087MYguSsXpZd_73Azac59n9vrG46CPIYY881-rMZxH42vQUcK0mtCLM0EZlZuMtE4t2Owqa8liUPc55/s320-rw/revenssis+logo+toolwar.jpg" title="revenssis logo toolwar" width="213" /></div>
<div style="text-align: justify;">
<b>Revenssis</b> is a complete <i>Penetration testing suite for Android devices</i>. Nicknamed as the "Smartphone Version of Backtrack", Revenssis  Penetration Suite is a set of all the useful types of tools used in  Computer and Web Application security. Tools available in it include:  Web App scanners, Encode/Decode & Hashing tools, Vulnerability  Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH,  DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat...  etc). All these fitting in an application approx. 10MB (post  installation). </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Download Here ::</b> <a href="http://revenssis-penetration-testing-suite.googlecode.com/files/Revenssis.apk" target="_blank">Revenssis.apk</a> & (Available at Play Store)</div>
<div style="text-align: justify;">
<b>Source ::</b> http://code.google.com/p/revenssis-penetration-testing-suite/</div>
</div>

Revenssis (Penetration Testing Suite for Android Devices) :: Tools

Revenssis is a complete Penetration testing suite for Android devices . Nicknamed as the "Smartphone Version of Backtrack",...

Web-Sorrow (Web Security Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="web-sorrow logo toolwar" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnOHBqWrrM6YdiWnHWuSXu1hw29NNTVhSAjq4r1DQIgKad8aYZSfNdcOvACdnf8mUPaNbFAYLbM1Tt853Lb_tpG0qgN_XQLCNnSFMsuNr8A1JT216rUO42Z3DHdJwp6-OoBk1VmU4cdoRt/s1600-rw/websorrow+logo+toolwar.jpg" title="web-sorrow logo toolwar" /></div>
<div style="text-align: justify;">
<b>Web-Sorrow </b>is a<span itemprop="description"> <i>versatile security scanner</i> for the <i>information disclosure and fingerprinting</i> phases of pentesting.</span><b>Web-Sorrow</b> is a perl based tool for misconfiguration, version detection,   enumeration,  and server information scanning. It's entirely focused  on Enumeration and collecting Info  on the target server. <b>Web-Sorrow</b> is a  "safe to run" program, meaning it is not  designed to be an exploit or  perform any harmful attacks. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;">Basic overview of capabilities:</span></div>
<ul style="text-align: justify;">
<li><b>Web Services:</b> a CMS and it's version number, Social media widgets and buttons, Hosting provider, CMS plugins, and favicon fingerprints.</li>
<li><b>Authentication areas:</b> logins, admin logins, email webapps.</li>
<li><b>Bruteforce:</b> Subdomains, Files and Directories.</li>
<li><b>Stealth:</b> with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host.</li>
<li><b>AND MORE:</b> Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities) </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/1n1zKEi6BF8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Download Here :: </b><a href="http://web-sorrow.googlecode.com/files/Web-Sorrow_v1.5.0FINAL%28patched_version%29.zip" target="_blank">Web-Sorrow 1.5.0.zip</a><br />
<b>Source ::</b> http://code.google.com/p/web-sorrow/<br />
<ul style="text-align: justify;">
</ul>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>

Web-Sorrow (Web Security Scanner) :: Tools

Web-Sorrow is a versatile security scanner for the information disclosure and fingerprinting phases of pentesting. Web-Sorrow is a p...

RAFT (Response Analysis and Further Testing Tool) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="raft screenshot toolwar" border="0" height="234" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimx_ZNEI51-G8nYISMge30CIKHECpzubYpi9piek4_sk1Vx-fycO9fyXjDqnJonrPsM9JtQnHlVYfLJherJ3izDMfofh8e8Io_SK8VHPH0kXza5Dzz389c2CdCyGPhWSsUJwgEhDhOo7Fi/s320-rw/raft+logo+toolwar.png" title="raft screenshot toolwar" width="320" /></div>
<div style="text-align: justify;">
<span style="font-family: Arial,Helvetica,sans-serif;"><b>RAFT</b> is a<i> Response Analysis and Further Testing Tool</i>. <b>RAFT</b> is a testing tool for the identification of vulnerabilities in 
web applications. <b>RAFT</b> is a suite of tools that utilize common shared 
elements to make testing and analysis easier. The tool provides 
visibility in to areas that other tools do not such as various client 
side storage.<b> RAFT</b> uses markup to create templates for fuzz testing. </span></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://raft.googlecode.com/files/RAFT-3.0.1-win32-setup.exe" target="_blank">RAFT 3.0.1.exe</a></div>
<div style="text-align: justify;">
<b>Source ::</b> http://code.google.com/p/raft/</div>
</div>

RAFT (Response Analysis and Further Testing Tool) :: Tools

RAFT is a Response Analysis and Further Testing Tool . RAFT is a testing tool for the identification of vulnerabilities in web appli...

Vega (Web Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="vega scanner logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitqDoBTtkOWZbJB0V8gJz3IkgP9erP4PYe2g0GG_Yy1h0owqXN7iIoOt6_0ZGHotmGgJUAsjT1XP8PoV330tgVjFZjEvyHtvN7NybCqt60IAafpqq3fE7IoBM0cA88uyjM6qtiEiQbLOW9/s1600-rw/vega+scanner+logo.JPG" title="vega scanner logo" /></div>
<div style="text-align: justify;">
<b>Vega</b> is a free and open source scanner and testing platform to test the  security of web applications. Vega can help you find and validate SQL  Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive  information,        and other vulnerabilities. It is written in Java, GUI based, and  runs on <b>Linux</b>,        <b>OS X</b>, and <b>Windows</b>.       <br />
<br />
Vega includes an automated scanner for quick tests and an  intercepting proxy for tactical inspection. The Vega scanner finds XSS  (cross-site scripting), SQL injection, and other vulnerabilities.       Vega can be extended using a powerful API in the language of the  web: <b>Javascript</b>.<br />
<div id="modules">
<h3>
Modules</h3>
<ul id="modulesList">
<li>Cross Site Scripting (XSS)</li>
<li>SQL Injection</li>
<li>Directory Traversal</li>
<li>URL Injection</li>
<li>Error Detection</li>
<li>File Uploads</li>
<li>Sensitive Data Discovery</li>
</ul>
<div id="core">
<h3>
Core</h3>
<ul id="coreList">
<li>Automated Crawler and Vulnerability Scanner</li>
<li>Consistent UI</li>
<li>Website Crawler</li>
<li>Intercepting Proxy</li>
<li>SSL MITM</li>
<li>Content Analysis</li>
<li>Extensibility through a Powerful Javascript Module API</li>
<li>Customizable alerts</li>
<li>Database and Shared Data Model</li>
</ul>
</div>
</div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/X3BGO9U8zuU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://www.subgraph.com/downloads/VegaSetup32.exe">Microsoft Windows 32-bit (x86)</a><br />
                               <a href="http://www.subgraph.com/downloads/VegaBuild-linux.gtk.x86.zip">Linux GTK 32-bit Intel</a><br />
                               <a href="http://www.subgraph.com/downloads/Vega.dmg">Mac OS X 32-bit Intel</a>  <b> </b><br />
<b>Official Website :: </b>http://www.subgraph.com/ 
</div>
</div>

Vega (Web Vulnerability Scanner) :: Tools

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and valid...

WebSploit (Social Engineering) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="websploit toolwar" border="0" height="168" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje9oakw4MwuEK6iy3HIek2xj5mb_LsZOay9_XMRBRyU35SQN-xtsA4v-gwp4fWeo1cV1b8_dEqn9HhojRyIDzb7nJoYNan32e9z42TsFIncTz5P9HCekjl9StYeAHMUqCPD7VGIrOiOAZI/s200-rw/websploit+toolwar.png" title="websploit toolwar" width="200" /></div>
<div style="text-align: justify;">
<b>WebSploit</b> is a <b>Framework</b> for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done a lot things.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service</div>
<div style="text-align: justify;">
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin</div>
<div style="text-align: justify;">
[+]format infector - inject reverse & bind payload into file format</div>
<div style="text-align: justify;">
[+]phpmyadmin Scanner</div>
<div style="text-align: justify;">
[+]LFI Bypasser</div>
<div style="text-align: justify;">
[+]Apache Users Scanner</div>
<div style="text-align: justify;">
[+]Dir Bruter </div>
<div style="text-align: justify;">
[+]admin finder </div>
<div style="text-align: justify;">
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks</div>
<div style="text-align: justify;">
[+]MITM - Man In The Middle Attack</div>
<div style="text-align: justify;">
[+]Java Applet Attack</div>
<div style="text-align: justify;">
[+]MFOD Attack Vector </div>
<div style="text-align: justify;">
[+]USB Infection Attack </div>
<div style="text-align: justify;">
[+]ARP Dos Attack</div>
<div style="text-align: justify;">
[+]Web Killer Attack</div>
<div style="text-align: justify;">
[+]Fake Update Attack</div>
<div style="text-align: justify;">
[+]Fake Access point Attack</div>
<div style="text-align: justify;">
[+]Wifi Honeypot</div>
<div style="text-align: justify;">
[+]Wifi Jammer</div>
<div style="text-align: justify;">
[+]Wifi Dos</div>
<div style="text-align: justify;">
[+]Bluetooth POD Attack</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/E80oxU4qH_k?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Download Here :: </b><a href="http://sourceforge.net/projects/websploit/files/latest/download" target="_blank">WebSploit Framework v2.0.4</a> (for Linux)<br />
<b>Source ::</b> http://sourceforge.net/projects/websploit/</div>

WebSploit (Social Engineering) :: Framework

WebSploit is a Framework for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done...

Plecost (Wordpress Fingerprinting) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="plecost toolwar" border="0" height="125" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBHuory4E0AoQuGVKSzfeD2m0Sg2jDwQH2-3a65iMNtFyqZWvaHXt4atW0QBG1toIQHMJ9k_LJMY0XxohKsnpaV_TDkE3duLnLEzYs6hcT0cojeU1vZD4MPCJvJZrzEtKiFfvgmc1C8-en/s200-rw/logo_plecost.jpg" title="plecost toolwar" width="200" /></div>
<div style="text-align: left;">
<span id="goog_705127854"></span><span id="goog_705127855"></span><br /></div>
<div style="text-align: justify;">
<b>Plecost  </b>is a <i>Wordpress finger printer tool</i>, plecost search and retrieve  information  about the plugins versions installed in Wordpress systems.  It can analyze  a single URL or perform an analysis based on the results  indexed by Google.  Additionally displays CVE code associated with each  plugin, if there. </div>
<div style="text-align: justify;">
<b>Plecost </b>retrieves the information contained on  Web sites supported by  Wordpress, and also allows a search on the  results indexed by Google. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ZoKlR2UhgWY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: <a href="http://plecost.googlecode.com/files/plecost-0.2.2-9-beta.tar.gz" target="_blank">Plecost 0.2.2.9beta </a></b>(for Linux)</div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://www.iniqua.com/ </div>
</div>

Plecost (Wordpress Fingerprinting) :: Tools

Plecost is a Wordpress finger printer tool , plecost search and retrieve information about the plugins versions installed in Wordpr...

Owasp Mantra (Browser Based Web Security Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Owasp Mantra logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRrctdBWOhmYDQr246V7zjjW9kQoBxnS08108GujNouk7J1REEDUIjd6xdFgb7tlZvc9AGb1xJ1_E1wXBIkhT4Rg6ILFmQmUQkgns4JDBPiUh4Juv9Xy6p3vvVRuT2Wt2AqC8o3fI5OSGf/s1600-rw/Owasp+Mantra+Logo.jpg" title="Owasp Mantra logo" /></div>
<b></b><br />
<div style="text-align: justify;">
<b><span itemprop="description">OWASP Mantra</span></b><span itemprop="description"> is a  Free and Open Source <i>Browser Based Web Security Framework</i></span><b>. OWASP Mantra</b> is a collection of free and open source  tools integrated into a web browser, which can become handy for  students, penetration testers, web application developers,security  professionals etc. It is portable, ready-to-run, compact and follows the  true spirit of free and open source software. </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>OWASP Mantra</b>  is lite, flexible, portable and user friendly with a nice graphical  user interface. You can carry it in memory cards, flash drives, CD/DVDs,  etc. It can be run natively on Linux, Windows and Mac platforms. It can  also be installed on to your system within minutes. Mantra is  absolutely free of cost and takes no time for you to set up. </div>
<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/CRJkGZlV6Vk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download" target="_blank">OWASP Mantra</a> (for Windows)<b>
</b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download" target="_blank"> OWASP Mantra</a> (for Linux)<b> </b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download" target="_blank"> OWASP Mantra </a>(for MAC)<b> </b></div>
<div style="text-align: justify;">
<b>Official Website ::</b>  http://www.getmantra.com/</div>
</div>

Owasp Mantra (Browser Based Web Security Framework) :: Framework

OWASP Mantra is a Free and Open Source Browser Based Web Security Framework . OWASP Mantra is a collection of free and open source ...

WebVulScan :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="webvulscan logo" border="0" height="81" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9FLujpJDiKSgCxd2omhEfyclXF4hvby5jnLlqtMync5SkKiG0L0vl9k5Q8U8Bcvae_LHuY-IRdDxwntDNxTuzxnreDQb76xx2Be-jBECYlRfWn_Adw-ZQp9g01-H_oEeg1B1jcd2SdgzA/s1600-rw/webvulscan+logo.png" title="webvulscan logo" width="320" /></div>
<div style="text-align: justify;">
<b>WebVulScan</b>
 is a <i>web application vulnerability scanner</i>. It is a web application 
itself written in PHP and can be used to test remote, or local, web 
applications for security vulnerabilities. As a scan is running, details
 of the scan are dynamically updated to the user. These details include 
the status of the scan, the number of URLs found on the web application,
 the number of vulnerabilities found and details of the vulnerabilities 
found.  </div>
<div style="text-align: justify;">
After a scan is complete, a detailed PDF report is 
emailed to the user. The report includes descriptions of the 
vulnerabilities found, recommendations and details of where and how each
 vulnerability was exploited. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>The vulnerabilities tested by WebVulScan are:</b><br /> </div>
<ul style="text-align: justify;">
<li>Reflected Cross-Site Scripting</li>
<li>Stored Cross-Site Scripting</li>
<li>Standard SQL Injection</li>
<li>Broken Authentication using SQL Injection</li>
<li>Autocomplete Enabled on Password Fields</li>
<li>Potentially Insecure Direct Object References</li>
<li>Directory Listing Enabled</li>
<li>HTTP Banner Disclosure</li>
<li>SSL Certificate not Trusted</li>
<li>Unvalidated Redirects</li>
</ul>
<div style="text-align: justify;">
<b>Features:</b><br /> </div>
<ul style="text-align: justify;">
<li>Crawler: Crawls a website to identify and display all URLs belonging to the website.</li>
<li>Scanner: Crawls a website and scans all URLs found for vulnerabilities.</li>
<li>Scan History: Allows a user to view or download PDF reports of previous scans that they performed.</li>
<li>Register: Allows a user to register with the web application.</li>
<li>Login: Allows a user to login to the web application.</li>
<li>Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).</li>
<li>PDF Generation: Dynamically generates a detailed PDF report.</li>
<li>Report Delivery: The PDF report is emailed to the user as an attachment.</li>
</ul>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="https://webvulscan.googlecode.com/files/webvulscan_v0.12.zip" target="_blank">WebVulScan v0.12</a></div>
<div style="text-align: justify;">
<b>Source ::</b> https://code.google.com/p/webvulscan/</div>
</div>

WebVulScan :: Tools

WebVulScan is a web application vulnerability scanner . It is a web application itself written in PHP and can be used to test remote,...

PHP Vulnerability Hunter :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="PHP Vulnerability Hunter" border="0" height="100" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG8un62G9aI66KfYY1jKVyVDkPxQhrDMFRtAWDZgKTmruDEGViZovWt_bflJZPkTCbSYaOmr8DJqXBgmmuJIMVMdAQ-3FgZomagEe0TatijEm9wWpy-1xtJThMKH18EiW2zCe6NYqEaB3l/s1600-rw/PHP-Vulnerability-Hunter.jpg" title="PHP Vulnerability Hunter" width="400" /></div>
<div style="text-align: justify;">
<b>PHP Vulnerability Hunter</b> is an <b>whitebox fuzz testing tool</b> capable of 
detected several classes of vulnerabilities in PHP web applications.</div>
<div style="text-align: justify;">
While most web application fuzzers rely on the user to specify 
application inputs, PHP vulnerability hunter uses a combination of 
static and dynamic analysis to automatically map the target application.
 Because it works by instrumenting application, PHP Vulnerability Hunter
 can detect inputs that are not referenced in the forms of the rendered 
page.</div>
<div style="text-align: justify;">
PHP Vulnerability Hunter is aware of many different types of 
vulnerabilities found in PHP applications, from the most common such as 
cross-site scripting and local file inclusion to the lesser known, such 
as user controlled function invocation and class instantiation. <br />
<br />
<b>PHP Vulnerability Hunter</b> can detect the following classes of vulnerabilities:
</div>
<ul style="text-align: justify;">
<li>Arbitrary command execution</li>
<li>Arbitrary file read/write/change/rename/delete</li>
<li>Local file inclusion</li>
<li>Arbitrary PHP execution</li>
<li>SQL injection</li>
<li>User controlled function invocatino</li>
<li>User controlled class instantiation</li>
<li>Reflected cross-site scripting (XSS)</li>
<li>Open redirect</li>
<li>Full path disclosure</li>
</ul>
<div style="text-align: justify;">
<b>Download Here :: </b><a class="FileNameLink" href="https://phpvulnhunter.codeplex.com/downloads/get/690936" id="fileDownload0" tabindex="9">PHP Vulnerability Hunter 1.4.0.20 Unstable</a></div>
<div style="text-align: justify;">
<b>Source Website ::</b> https://phpvulnhunter.codeplex.com</div>
</div>

PHP Vulnerability Hunter :: Tools

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applicati...

XSSF (Cross Site Scripting Framework) :: Frameworks

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
 <img alt="xssf logo" border="0" height="78" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRD7_Qf3uczuo0jjl0Zn_xPYsVPilG-slUfjqxWr6RMznK9kSfykhHi_5W-1840tZGKc1ZvtGq8u5QN8FR7UESwAG-5eb_FgAwzBqGQGXISA38J5LPbFteBRt4N5f9hiDXxFAsRLttzrq9/s1600-rw/xssf+logo.png" title="xssf logo" width="200" /> </div>
<div style="text-align: justify;">
The <b>Cross-Site Scripting Framework </b>(<b>XSSF</b>) is a  security tool designed to turn the XSS vulnerability exploitation task  into a much easier work. The <b>XSSF</b> project aims to demonstrate the real  dangers of XSS vulnerabilities, vulgarizing their exploitation. This  project is created solely for education, penetration testing and lawful  research purposes.  </div>
<div style="text-align: justify;">
XSSF allows creating a <b>communication channel</b>  with the targeted browser (from a XSS vulnerability) in order to  perform further attacks. Users are free to select existing modules (a  module = an attack) in order to target specific browsers. </div>
<div style="text-align: justify;">
XSSF  provides a powerfull documented API, which facilitates development of  modules and attacks. In addition, its integration into the <b>Metasploit Framework</b> allows users to launch MSF browser based exploit easilly from an XSS vulnerability. </div>
<div style="text-align: justify;">
In  addition, an interesting though exploiting an XSS inside a victim's  browser could be to browse website on attacker's browser, using the  connected victim's session. In most of cases, simply stealing the victim  cookie will be sufficient to realize this action. But in minority of  cases (intranets, network tools portals, etc.), cookie won't be useful  for an external attacker. That's why <b>XSSF Tunnel</b> was created to help the attacker to help the attacker browsing on affected domain using the victim's session. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AhUhOirEfTE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: left;">
<br />
<b>Download Here ::</b> <a href="https://xssf.googlecode.com/files/XSSF-3.0.zip" target="_blank">XSSF-3.0.zip</a></div>
<div style="text-align: left;">
<b>Source :: </b>https://code.google.com/p/xssf/</div>
</div>

XSSF (Cross Site Scripting Framework) :: Frameworks

The Cross-Site Scripting Framework ( XSSF ) is a security tool designed to turn the XSS vulnerability exploitation task into a much...

Wavsep (Web Application Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="wavsep toolwar" border="0" height="331" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMSoRbPxK7O4Yj9z_uKOjtWacWbm1y998Bf2-i_alefuOMauXKrwgdJxF8pcp09hpZ7d49PMUzgrTmZ7eRH199RCw1d4rlsbz6PmOvb-bY3Au-exVkvJpmGS6OVdOe61ns-Q5MZPGO89_r/s1600-rw/Wavsep+logo.png" title="wavsep toolwar" width="640" /></div>
<div style="text-align: justify;">
<b>Wavsep</b> is a <b>Web Application Vulnerability Scanner Evaluation Project.</b> and <b>Wavsep</b> is a <i>vulnerable web application</i> designed to help assessing the features,
 quality and accuracy of web application vulnerability scanners. </div>
<div style="text-align: justify;">
This
 evaluation platform contains a collection of unique vulnerable web 
pages that can be used to test the various properties of web application
 scanners. </div>
<div style="text-align: justify;">
Although some of the test cases are vulnerable to additional exposures, 
the purpose of each test case is to evaluate the detection accuracy of 
one type of exposure, and thus, “out of scope” exposures should be 
ignored when evaluating the accuracy of vulnerability scanners.  </div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war-linux.zip" target="_blank">Wavsep 1.2</a> (for Linux)<b></b></div>
<div style="text-align: justify;">
                               <a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war.zip" target="_blank">Wavsep 1.2</a> (for Windows)<b><br /></b></div>
<div style="text-align: justify;">
<b>Read More :: </b>https://code.google.com/p/wavsep/</div>
</div>

Wavsep (Web Application Vulnerability Scanner) :: Tools

Wavsep is a Web Application Vulnerability Scanner Evaluation Project. and Wavsep is a vulnerable web application designed to help as...

WebSecurify (Web Application Security Testing Suite) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="WebSecurify Logo" border="0" height="165" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6oDiePzFfVKkO_hIeIuuwUrY6JK_X5Dj2Qixb9RxFDbSH9HJQhnKNdbrUrhYJgkZvvGLDCGDwSM_WrRrnjNY0SljItRogRVQLCbGVrWM0Lj4E5vwOcNvmid67GVlEJUmenmwit6QPaN3P/s1600-rw/Websecurify+logo.jpg" title="WebSecurify Logo" width="320" /></div>
<div style="text-align: justify;">
<b>Websecurify</b> is a <i>web application security testing</i> suite  designed from the ground up to provide the best combination of automatic  and manual vulnerability testing technologies. It is available for all  major desktop platforms including mobile devices and web via our online  security suite. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Main features of <b>Websecurify</b> include: </div>
<ul style="text-align: justify;">
<li>Simple to use user interface. </li>
<li>World-class analytical and scanning technology. </li>
<li>Available for all major operating systems (Windows, Mac, Linux) including mobile devices (iOS, Android). </li>
<li>Easily extensible with the help of add-ons and plugins. </li>
<li>Moduler and reusable design. </li>
<li>Built-in internationalization support.  </li>
<li>Powerful manual testing tools and helper facilities included. </li>
<li>Flexible, hassle-free licensing. </li>
<li>Innovative in every way.  </li>
<li>Frequent updates. </li>
<li>Much, much more. </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/PMT_A7YtEAs?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Download Here :: </b><a href="https://websecurify.googlecode.com/files/websecurify-for-firefox-2.1.0.xpi" target="_blank">WebSecurify 2.1.0</a> (for Firefox)<br />
                               <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.tar.gz" target="_blank">WebSecurify Suite 1.0.0</a> (for Linux)<br />
                               <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.exe" target="_blank">WebSecurify Suite 1.0.0</a> (for Windows)<br />
                               <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.dmg" target="_blank">WebSecurify Suite 1.0.0</a> (for MAC)<br />
<b>Official Website :: </b>http://www.websecurify.com/<br />
<ul style="text-align: justify;">
</ul>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
</div>
</div>

WebSecurify (Web Application Security Testing Suite) :: Tools

Websecurify is a web application security testing suite designed from the ground up to provide the best combination of automatic and...

Zed Attack Proxy ( Zaproxy ) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="ZAProxy Logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmu0fkacdAzN-GWTtIyI1XINok6jSC1qVPlNiE4-TnxAZ1UesBgsD1o8zq0598LWwrn0_K48Bo-3AMzgdRMhxFYo6Sh3Ze0nN4RV2sTOxOO0ZL0ixnKLkIUryAOAPhyphenhypheng44Kda8MJxtYJxR/s1600-rw/Zed+Attack+Proxy+Logo.png" title="ZAProxy logo" /></div>
<div style="text-align: justify;">
The <b>Zed Attack Proxy (ZAP)</b> is an easy to use integrated penetration  testing tool for finding <b>vulnerabilities in web applications.</b> It is designed to be used by people with a wide range of security  experience and as such is ideal for developers and functional testers  who are new to penetration testing. <b>ZAProxy</b> provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/a-lJafBdAeM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<b>
</b> <b> </b><br />
<b>Download Here :: </b><a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Mac_OS_X.zip" target="_blank">ZAP 2.2.1 MAC-OS.zip</a> (for MAC OS)
                          <br />
                               <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Windows.exe" target="_blank">ZAP 2.2.1.exe </a>(for Windows) 
                           <br />
                               <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Linux.tar.gz" target="_blank">ZAP 2.2.1.tar.gz</a> (for Linux)
<b> </b><br />
<b>Official Website ::</b> https://www.owasp.org/</div>

Zed Attack Proxy ( Zaproxy ) :: Tools

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It ...

HconSTF Firebase :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="HconSTF Firebase logo" border="0" height="124" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie59x9tAQk0z4gWdFP2_zVG1GYhru2Q-ffsIeHFz0fVVWbmFlESGeDp_0EaPo_5EBjV7q8jPR-ll7DpTFN_Ry2bbhg6_OaVIhavnDlThkzqn_f9SWnf0Z5zRxonm4_2do3wWOoioBCWC6d/s640-rw/HconSTF+Logo.jpg" title="HconSTF Firebase logo" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>HconSTF Firebase</b> is Fully 
Customizable, Versatile in Usage can be used in many Web related hacking
 needs, Simple and easy to use interface, small in size and light on 
resources. contains hundreds of features for :</div>
<ul style="text-align: justify;">
<li>Web Penetration Testing</li>
<li>Web Exploits Development</li>
<li>Web Malware Analysis</li>
<li>OSINT & Cyber spying </li>
</ul>
<div style="text-align: justify;">
Very comprehensive and plenty of tools for exploitation and supports verbose debugging features for Web Exploit Development. <span style="clear: left; float: left; margin-top: 0px; margin-top: 0px; position: relative; z-index: 10;"></span>
<b>HconSTF</b> <b>Firebase</b> contains blend of online and offline tools for Pentesting called 'WebUI'. includes scanners, encoders, and much more. IDB is Integrated database with huge amount of Web payload. Helps in many Open source intelligence based tasks like</div>
<ul style="text-align: justify;">
<li>Passive Web & Network Reconnaissance</li>
<li>Doxing <br /></li>
<li>Cyber Spying</li>
<li>Hash cracking</li>
</ul>
<div style="text-align: justify;">
Encoding / Decoding & hashing Features and tools, supports wide 
variety of formats, character set and algorithms for making payloads 
undetectable. Darknets and proxies integrated, Spoofing tools. supports integration 
with many decoy options, includes many tools for proxies and anonymizing
 networks.  </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b> PDF Tutorials :: </b><a href="http://www.hcon.in/uploads/1/8/1/9/1819392/quick_malware_analysis_using_hconstf.pdf" target="_blank">Quick Malware Analysis Using HconSTF</a><br />
                              <a href="http://www.hcon.in/uploads/1/8/1/9/1819392/http_headers_spoofing_using_hconstf.pdf" target="_blank">HTTP Headers Spoofing Using HconSTF</a></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Prime.exe" target="_blank">Firebase_0.5.exe</a><b> </b>(for Windows)<b> </b></div>
<div style="text-align: justify;">
                               <a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Linux_x86.tar.bz2" target="_blank">Firebase_0.5.tar.bz2</a> (for Linux)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> http://www.hcon.in/</div>
</div>

HconSTF Firebase :: Framework

HconSTF Firebase is Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use int...

AppScan (Automates Application Security Testing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx8YPLDg0utLh0EPbSdrLn4k-qEIsYaJriNRe839ymoJtopG6opHEI6k2EyXF-zKLYHNategTWApxVIkRCPjNK3Vz5xXWAeopPY9pF7zfL_EC4upmJp5CpballXpiDa014AMp9cMGmkkpd/s1600/appscan_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx8YPLDg0utLh0EPbSdrLn4k-qEIsYaJriNRe839ymoJtopG6opHEI6k2EyXF-zKLYHNategTWApxVIkRCPjNK3Vz5xXWAeopPY9pF7zfL_EC4upmJp5CpballXpiDa014AMp9cMGmkkpd/s1600-rw/appscan_logo.png" /></a></div>
<div style="text-align: justify;">
<b>IBM Security AppScan</b> software automates application security testing  by scanning applications, identifying vulnerabilities and generating  reports with intelligent fix recommendations to ease remediation. </div>
<div style="text-align: justify;">
<b>AppScan</b> provides security testing throughout the application development  lifecycle, easing unit testing and security assurance early in the  development phase. Appscan scans for many common vulnerabilities, such  as cross site scripting, HTTP response splitting, parameter tampering,  hidden field manipulation, backdoors/debug options, buffer overflows and  more. AppScan was merged into IBM's Rational division after IBM  purchased its original developer (Watchfire) in 2007.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/bLOTiObtNLo?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
<b>
</b></div>
<b>
</b> <b> </b><br />
<b>Download Here ::  </b>
<a href="http://www-03.ibm.com/software/products/us/en/appscan/" target="_blank">AppScan Trial</a><b><br /></b><br />
<b>Official Website :: </b>http://www-03.ibm.com</div>

AppScan (Automates Application Security Testing) :: Tools

IBM Security AppScan software automates application security testing by scanning applications, identifying vulnerabilities and generat...

Subscribe to: Posts ( Atom )