XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="XSSYA" border="0" height="331" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600-rw/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div> <br /> <div style="text-align: justify;"> <b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div> <br /> <h3> Key Features:</h3> <ul> <li>Support HTTPS</li> <li>After Confirmation (execute payload to get cookies)</li> <li>Can be run in (Windows - Linux)</li> <li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li> <li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li> <li>Support Saving The Web HTML Code Before Executing</li> <li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li> </ul> <h3> What's New: </h3> (XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br /> <br /> <div style="text-align: justify;"> Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div> <br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br /> <h3> Tutorials:</h3> <b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br /> <h3> Download:</h3> <b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Read more »

Xenotix XSS Exploit Framework v4.5 :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://www.owasp.org/images/9/98/Xenotix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Xenotix XSS Framework" border="0" height="237" loading="lazy" src="https://www.owasp.org/images/9/98/Xenotix.png" title="Xenotix XSS Framework" width="400" /></a></div> <div style="text-align: justify;"> <b>OWASP Xenotix XSS Exploit Framework</b> is an advanced <a href="http://www.toolwar.com/search/label/XSS" target="_blank">Cross Site Scripting (XSS)</a> vulnerability detection and exploitation <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner.</a> It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich <a href="http://www.toolwar.com/search/label/Information-Gathering" target="_blank">Information Gathering</a> module for target Reconnaissance. The Exploit Framework includes highly offensive XSS <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> modules for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration</a> Testing and Proof of Concept creation. </div> <div style="text-align: justify;"> <div style="border: none; color: black; font-size: 120%; margin: 0;"> <br /> <span style="font-size: small;"><b>SCANNER MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">Manual Mode Scanner </span></li> <li><span style="font-size: small;">Auto Mode Scanner </span></li> <li><span style="font-size: small;">DOM Scanner </span></li> <li><span style="font-size: small;">Multiple Parameter Scanner </span></li> <li><span style="font-size: small;">POST Request Scanner </span></li> <li><span style="font-size: small;">Header Scanner </span></li> <li><span style="font-size: small;">Fuzzer </span></li> <li><span style="font-size: small;">Hidden Parameter Detector </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>INFORMATION GATHERING MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">WAF Fingerprinting </span></li> <li><span style="font-size: small;">Victim Fingerprinting </span></li> <li><span style="font-size: small;">Browser Fingerprinting </span></li> <li><span style="font-size: small;">Browser Features Detector </span></li> <li><span style="font-size: small;">Ping Scan </span></li> <li><span style="font-size: small;">Port Scan </span></li> <li><span style="font-size: small;">Internal Network Scan </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>EXPLOITATION MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">Send Message </span></li> <li><span style="font-size: small;">Cookie Thief </span></li> <li><span style="font-size: small;">Phisher </span></li> <li><span style="font-size: small;">Tabnabbing </span></li> <li><span style="font-size: small;">Keylogger </span></li> <li><span style="font-size: small;">HTML5 DDoSer </span></li> <li><span style="font-size: small;">Load File </span></li> <li><span style="font-size: small;">Executable Drive By </span></li> <li><span style="font-size: small;">JavaScript Shell </span></li> <li><span style="font-size: small;">Reverse HTTP WebShell </span></li> <li><span style="font-size: small;">Drive-By Reverse Shell </span></li> <li><span style="font-size: small;">Metasploit Browser Exploit </span></li> <li><span style="font-size: small;">Firefox Reverse Shell Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Session Stealer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Keylogger Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox DDoSer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Linux Credential File Stealer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Download and Execute Addon (Persistent) </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>UTILITY MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">WebKit Developer Tools </span></li> <li><span style="font-size: small;">Payload Encoder </span></li> <li><span style="font-size: small;">JavaScript Beautify </span></li> <li><span style="font-size: small;">Hash Calculator </span></li> <li><span style="font-size: small;">Hash Detector </span></li> </ul> </div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dCo5BCJWOdA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows :: </b><span style="color: #3d85c6;"><span style="background-color: white;"><a href="http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rarhttp://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar" target="_blank">OWASP Xenotix v4.5</a> </span></span></div> <div style="text-align: justify;"> <b>Official Websites :: </b>http://www.owasp.org/</div> </div>

Xenotix XSS Exploit Framework v4.5 :: Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework . It...

Read more »

DVWA (Damn Vulnerable Web Application) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s1600/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Screenshot-Damn Vulnerable Web App (DVWA)" border="0" height="280" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s400-rw/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" title="Screenshot-Damn Vulnerable Web App (DVWA)" width="400" /></a></div> <div style="text-align: justify;"> <b>Damn Vulnerable Web App (DVWA)</b> is a <i>PHP/MySQL web application</i> that is <i>damn vulnerable</i>. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ywnVlyuP7SY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;">  <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/B75FgRT2npc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Zip ::</b> <a href="https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip" target="_blank">DVWA 1.0.8</a></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.dvwa.co.uk/">http://www.dvwa.co.uk/</a></div>

DVWA (Damn Vulnerable Web Application) :: Framework

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable . Its main goals are to be an aid for security ...

Read more »

Search Admin Page :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdcso7UY1h5XykvO-IVJgbC7WBbxEMzF5qNNokr9_1Qn_h3XUVzOaC9vF31WIxkYIrecDz-y7AY_03oY1TckohiD4gHeEPavrbbxUXu6xIISF-n-pX8cy3XbCkg9aCHwdwPVMqZ85x5ADg/s1600/admin-page-logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a><img alt="admin page logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj97Ace25MACKbume5zTfWwhcH97pPJJSgUkBumonW7ThiP9l85PtQfgOS2xUDDoi1qwpu5I_PzD9J79Lo5Jfy68wAxHwkX8ONP6t6bIuVeXeA2mrmh7aRVkY7u9rYcJKpXkE_Oeu6RStIr/s1600-rw/admin+page.jpg" title="admin page logo" /></div> <br /> <b>Search Admin Page</b> is a script that written in python. With the help <i>admin page finder script</i> we can find admin panel of website. This codes searches for admin pages, and in the future will also execute SQL/XSS injections and return the outputs.  <br />   <br /> <b>Download Here ::</b> <a href="https://github.com/ephexeve/Search-admin-page/archive/master.zip" target="_blank">Search Admin Finder (.py)</a><br /> <b>Source ::</b> https://github.com/ephexeve/Search-admin-page

Search Admin Page :: Tools

Search Admin Page is a script that written in python. With the help admin page finder script we can find admin panel of website. This c...

Read more »

WAppEx (Web Application Exploiter) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s1600/wappex+screenshot+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="WAppEx Screenshot ToolWar" border="0" height="235" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s400-rw/wappex+screenshot+toolwar.png" title="WAppEx Screenshot ToolWar" width="400" /></a></div> <div style="text-align: justify;"> <b>WAppEx</b> is an integrated <i>Web Application security</i> assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.</div> <div style="text-align: justify;"> The Exploit Database contains the all the logic associated with trivial fingerprinting, exploitation techniques, and payloads that address a wide range of web application vulnerabilities with the emphasis being on high-risk and zero-day vulnerabilities.</div> <div style="text-align: justify;"> Some of the vulnerabilities already bundled within the Exploit Database include Local File Disclosure (LFD), Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL Injection (SQLI), Remote OS Command Execution (RCE), and Server-side Code Injection (SCI). WAppEx can detect these vulnerabilities in a target, take full advantage of it, and through neatly designed payload codes get as much access to the exploited target as possible in as short a time as possible. Some of the payloads included within the database are various reverse shells, arbitrary code execution, command execution, arbitrary file upload…</div> <div style="text-align: justify;"> Since all the attack logic rests in the form of scripts within the Exploit Database, it is easily extensible, flexible and updatable through community servers. Users, too, can add mature, sophisticated exploits and payloads in the same fashion. The database grows on a daily basis, and our dedicated team of research and development are working non-stop to maintain the richest, most up-to-date aggregate of exploits. The number of exploits is soon bound to surpass hundreds. Meanwhile, users can share their own created exploits and payloads with the community and contribute to this growing momentum.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/6IXFN5fTvNk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://itsecteam.com/counter/?files=WAppEx/WAppEx2.0.exe" target="_blank">WAppEx 2.0.exe</a></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.itsecteam.com/ </div> </div>

WAppEx (Web Application Exploiter) :: Tools

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security p...

Read more »

OWASP Bricks (Web Application Security Learning Platform) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="owasp bricks logo toolwar" border="0" height="200" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxsW3jxRxCdfOllufBaZ0_uBwcmN-L7j2Fru8xOc1lTFeRLUMkcvyN_lnUYOrjG-Cv-Kr7b_qYk_j1a9LcRAikKyTgFkdJ9FQiNFFmJxMlrHdzndXtyTN6QhxPsCgBWGFX6oyy1lcxLLeR/s200-rw/owasp+bricks+logo+toolwar.png" title="owasp bricks logo toolwar" width="199" /></div> <div style="text-align: justify;"> <b>OWASP Bricks</b> is a <i>Web application security learning platform</i> built on PHP and MySQL. <b>Bricks</b> is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br /> <br /> <b>Bricks</b> is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br /> <br /> <b>Bricks</b> is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.</div> <b></b><br /> <b></b><br /> <b></b><br /> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/j5I0wPvQxTg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mCo6ajvBv50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>D</b><b>ownload Here :: </b><a href="http://sourceforge.net/projects/owaspbricks/files/Atrai%20-%201.8/OWASP%20Bricks%20-%20Atrai.zip/download" target="_blank">OWASP Bricks v1.8</a><br /> <b>Official Website :: </b>http://sechow.com/<b><br /></b></div>

OWASP Bricks (Web Application Security Learning Platform) :: Framework

OWASP Bricks is a Web application security learning platform built on PHP and MySQL. Bricks is a deliberately vulnerable web applicat...

Read more »

Vega (Web Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="vega scanner logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitqDoBTtkOWZbJB0V8gJz3IkgP9erP4PYe2g0GG_Yy1h0owqXN7iIoOt6_0ZGHotmGgJUAsjT1XP8PoV330tgVjFZjEvyHtvN7NybCqt60IAafpqq3fE7IoBM0cA88uyjM6qtiEiQbLOW9/s1600-rw/vega+scanner+logo.JPG" title="vega scanner logo" /></div> <div style="text-align: justify;"> <b>Vega</b> is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on <b>Linux</b>, <b>OS X</b>, and <b>Windows</b>. <br /> <br /> Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: <b>Javascript</b>.<br /> <div id="modules"> <h3> Modules</h3> <ul id="modulesList"> <li>Cross Site Scripting (XSS)</li> <li>SQL Injection</li> <li>Directory Traversal</li> <li>URL Injection</li> <li>Error Detection</li> <li>File Uploads</li> <li>Sensitive Data Discovery</li> </ul> <div id="core"> <h3> Core</h3> <ul id="coreList"> <li>Automated Crawler and Vulnerability Scanner</li> <li>Consistent UI</li> <li>Website Crawler</li> <li>Intercepting Proxy</li> <li>SSL MITM</li> <li>Content Analysis</li> <li>Extensibility through a Powerful Javascript Module API</li> <li>Customizable alerts</li> <li>Database and Shared Data Model</li> </ul> </div> </div> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/X3BGO9U8zuU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://www.subgraph.com/downloads/VegaSetup32.exe">Microsoft Windows 32-bit (x86)</a><br />                                <a href="http://www.subgraph.com/downloads/VegaBuild-linux.gtk.x86.zip">Linux GTK 32-bit Intel</a><br />                                <a href="http://www.subgraph.com/downloads/Vega.dmg">Mac OS X 32-bit Intel</a>  <b> </b><br /> <b>Official Website :: </b>http://www.subgraph.com/ </div> </div>

Vega (Web Vulnerability Scanner) :: Tools

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and valid...

Read more »

Owasp Mantra (Browser Based Web Security Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Owasp Mantra logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRrctdBWOhmYDQr246V7zjjW9kQoBxnS08108GujNouk7J1REEDUIjd6xdFgb7tlZvc9AGb1xJ1_E1wXBIkhT4Rg6ILFmQmUQkgns4JDBPiUh4Juv9Xy6p3vvVRuT2Wt2AqC8o3fI5OSGf/s1600-rw/Owasp+Mantra+Logo.jpg" title="Owasp Mantra logo" /></div> <b></b><br /> <div style="text-align: justify;"> <b><span itemprop="description">OWASP Mantra</span></b><span itemprop="description"> is a  Free and Open Source <i>Browser Based Web Security Framework</i></span><b>. OWASP Mantra</b> is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>OWASP Mantra</b> is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up. </div> <div style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/CRJkGZlV6Vk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download" target="_blank">OWASP Mantra</a> (for Windows)<b> </b></div> <div style="text-align: justify;">                               <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download" target="_blank"> OWASP Mantra</a> (for Linux)<b> </b></div> <div style="text-align: justify;">                               <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download" target="_blank"> OWASP Mantra </a>(for MAC)<b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b>  http://www.getmantra.com/</div> </div>

Owasp Mantra (Browser Based Web Security Framework) :: Framework

OWASP Mantra is a  Free and Open Source Browser Based Web Security Framework . OWASP Mantra is a collection of free and open source ...

Read more »

XSSF (Cross Site Scripting Framework) :: Frameworks

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: center;">  <img alt="xssf logo" border="0" height="78" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRD7_Qf3uczuo0jjl0Zn_xPYsVPilG-slUfjqxWr6RMznK9kSfykhHi_5W-1840tZGKc1ZvtGq8u5QN8FR7UESwAG-5eb_FgAwzBqGQGXISA38J5LPbFteBRt4N5f9hiDXxFAsRLttzrq9/s1600-rw/xssf+logo.png" title="xssf logo" width="200" /> </div> <div style="text-align: justify;"> The <b>Cross-Site Scripting Framework </b>(<b>XSSF</b>) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The <b>XSSF</b> project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes. </div> <div style="text-align: justify;"> XSSF allows creating a <b>communication channel</b> with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers. </div> <div style="text-align: justify;"> XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the <b>Metasploit Framework</b> allows users to launch MSF browser based exploit easilly from an XSS vulnerability. </div> <div style="text-align: justify;"> In addition, an interesting though exploiting an XSS inside a victim's browser could be to browse website on attacker's browser, using the connected victim's session. In most of cases, simply stealing the victim cookie will be sufficient to realize this action. But in minority of cases (intranets, network tools portals, etc.), cookie won't be useful for an external attacker. That's why <b>XSSF Tunnel</b> was created to help the attacker to help the attacker browsing on affected domain using the victim's session. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AhUhOirEfTE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: left;"> <br /> <b>Download Here ::</b> <a href="https://xssf.googlecode.com/files/XSSF-3.0.zip" target="_blank">XSSF-3.0.zip</a></div> <div style="text-align: left;"> <b>Source :: </b>https://code.google.com/p/xssf/</div> </div>

XSSF (Cross Site Scripting Framework) :: Frameworks

  The Cross-Site Scripting Framework ( XSSF ) is a security tool designed to turn the XSS vulnerability exploitation task into a much...

Read more »

Wavsep (Web Application Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="wavsep toolwar" border="0" height="331" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMSoRbPxK7O4Yj9z_uKOjtWacWbm1y998Bf2-i_alefuOMauXKrwgdJxF8pcp09hpZ7d49PMUzgrTmZ7eRH199RCw1d4rlsbz6PmOvb-bY3Au-exVkvJpmGS6OVdOe61ns-Q5MZPGO89_r/s1600-rw/Wavsep+logo.png" title="wavsep toolwar" width="640" /></div> <div style="text-align: justify;"> <b>Wavsep</b> is a <b>Web Application Vulnerability Scanner Evaluation Project.</b> and <b>Wavsep</b> is a <i>vulnerable web application</i> designed to help assessing the features, quality and accuracy of web application vulnerability scanners. </div> <div style="text-align: justify;"> This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. </div> <div style="text-align: justify;"> Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.  </div> <div style="text-align: justify;"> <b><br /></b></div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war-linux.zip" target="_blank">Wavsep 1.2</a> (for Linux)<b></b></div> <div style="text-align: justify;">                                <a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war.zip" target="_blank">Wavsep 1.2</a> (for Windows)<b><br /></b></div> <div style="text-align: justify;"> <b>Read More :: </b>https://code.google.com/p/wavsep/</div> </div>

Wavsep (Web Application Vulnerability Scanner) :: Tools

Wavsep is a Web Application Vulnerability Scanner Evaluation Project. and Wavsep is a vulnerable web application designed to help as...

Read more »

ProxyStrike (Web Application Proxy) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge78U7MQQKmBqqrofRPUEQ8S5bYcppmr1mk7FrI-pqVmZXoW3WPniXtP2cfLNP1GdtGlQzq165Y2DSHUK7MACZoWV7Bu4izxybRx63m-unu5dcdFSeHnTLGfhyI6rsmrtNjga-GHs1EE8F/s1600/proxystrike+logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="86" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge78U7MQQKmBqqrofRPUEQ8S5bYcppmr1mk7FrI-pqVmZXoW3WPniXtP2cfLNP1GdtGlQzq165Y2DSHUK7MACZoWV7Bu4izxybRx63m-unu5dcdFSeHnTLGfhyI6rsmrtNjga-GHs1EE8F/s1600-rw/proxystrike+logo.jpg" width="400" /></a></div> <div style="text-align: justify;"> <b>ProxyStrike v2.1</b> is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy. </div> <div style="text-align: justify;"> Right now it has available Sql injection and XSS plugins. Both plugins are designed to catch as many vulnerabilities as we can, it's that why the SQL Injection plugin is a Python port of the great DarkRaver "Sqlibf". </div> <div style="text-align: justify;"> The process is very simple, ProxyStrike runs like a proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won't see any different in the behaviour of the application, but in the background is very active. :) </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/l8kioy4QX7U?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://proxystrike.googlecode.com/files/proxystrike-2.2.tar.bz2">ProxyStrike-2.2.tar.gz</a> (for Linux)<br />                                <a href="http://proxystrike.googlecode.com/files/ProxyStrike-2.2.zip" target="_blank">ProxyStrike-2.2.zip  </a>(for Windows)<b>  </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.edge-security.com/proxystrike.php</div> </div>

ProxyStrike (Web Application Proxy) :: Tools

ProxyStrike v2.1 is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application....

Read more »

Wapiti (Vulnerability Scanner for Web Applications) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Wapiti Logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_vAvYcVPv2XdyfBL7FvNMBsXInHGcYgu5w0H4yb8E4dSyA-eU7KHJry7W8hCJLZWQQNL50PY4hjXSWX9F2RgbL8k0a9CFw4r0wU4Y-ay2rmGZWsFrXXfX-gb7gs97ZXxXCtujF3TnqglK/s1600-rw/wapiti+logo.gif" title="Wapiti Logo" /></div> <div style="text-align: justify;"> <b>Wapiti </b>is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections... It use the Python programming language.<b> </b></div> <div style="text-align: justify;"> <b>Wapiti</b> allows you to audit the security of your web applications.  It performs "<b>black-box</b>" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.Once it gets this list, <b>Wapiti</b> acts like a <i>fuzzer,</i> <i>injecting payloads</i> to see if a script is vulnerable.</div> <div style="text-align: justify;"> <b>Wapiti </b>can detect the following vulnerabilities : </div> <ul style="text-align: justify;"> <li>File Handling Errors (Local and remote include/require, fopen, readfile...)</li> <li>Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)</li> <li>XSS (Cross Site Scripting) Injection</li> <li>LDAP Injection</li> <li>Command Execution detection (eval(), system(), passtru()...)</li> <li>CRLF Injection (HTTP Response Splitting, session fixation...)</li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RaoEcKMZL6Q?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://sourceforge.net/projects/wapiti/files/latest/download" target="_blank">Wapiti 2.2.1.zip</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://wapiti.sourceforge.net/</div> </div>

Wapiti (Vulnerability Scanner for Web Applications) :: Tools

Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file i...

Read more »