ToolWar | Information Security (InfoSec) Tools: XSS

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="XSSYA" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div>
<br />
<h3>
Key Features:</h3>
<ul>
<li>Support HTTPS</li>
<li>After Confirmation (execute payload to get cookies)</li>
<li>Can be run in (Windows - Linux)</li>
<li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li>
<li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li>
<li>Support Saving The Web HTML Code Before Executing</li>
<li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li>
</ul>
<h3>
What's New: </h3>
(XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br />
<br />
<div style="text-align: justify;">
Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div>
<br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br />
<h3>
Tutorials:</h3>
<b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br />
<h3>
Download:</h3>
<b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Xenotix XSS Exploit Framework v4.5 :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.owasp.org/images/9/98/Xenotix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Xenotix XSS Framework" border="0" height="237" src="https://www.owasp.org/images/9/98/Xenotix.png" title="Xenotix XSS Framework" width="400" /></a></div>
<div style="text-align: justify;">
<b>OWASP Xenotix XSS Exploit Framework</b> is an advanced <a href="http://www.toolwar.com/search/label/XSS" target="_blank">Cross Site  Scripting (XSS)</a> vulnerability detection and exploitation <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. It  provides Zero False Positive scan results with its unique Triple Browser  Engine (Trident, WebKit, and Gecko) embedded <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner.</a> It is claimed to  have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS  Payloads for effective XSS vulnerability detection and WAF Bypass. It  is incorporated with a feature rich <a href="http://www.toolwar.com/search/label/Information-Gathering" target="_blank">Information Gathering</a> module for  target Reconnaissance. The Exploit Framework includes highly offensive  XSS <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> modules for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration</a> Testing and Proof of Concept  creation. </div>
<div style="text-align: justify;">
<div style="border: none; color: black; font-size: 120%; margin: 0;">
<br />
<span style="font-size: small;"><b>SCANNER MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">Manual Mode Scanner
</span></li>
<li><span style="font-size: small;">Auto Mode Scanner
</span></li>
<li><span style="font-size: small;">DOM Scanner
</span></li>
<li><span style="font-size: small;">Multiple Parameter Scanner
</span></li>
<li><span style="font-size: small;">POST Request Scanner
</span></li>
<li><span style="font-size: small;">Header Scanner
</span></li>
<li><span style="font-size: small;">Fuzzer
</span></li>
<li><span style="font-size: small;">Hidden Parameter Detector
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>INFORMATION GATHERING MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">WAF Fingerprinting
</span></li>
<li><span style="font-size: small;">Victim Fingerprinting
</span></li>
<li><span style="font-size: small;">Browser Fingerprinting
</span></li>
<li><span style="font-size: small;">Browser Features Detector
</span></li>
<li><span style="font-size: small;">Ping Scan
</span></li>
<li><span style="font-size: small;">Port Scan
</span></li>
<li><span style="font-size: small;">Internal Network Scan
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>EXPLOITATION MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">Send Message
</span></li>
<li><span style="font-size: small;">Cookie Thief
</span></li>
<li><span style="font-size: small;">Phisher
</span></li>
<li><span style="font-size: small;">Tabnabbing
</span></li>
<li><span style="font-size: small;">Keylogger
</span></li>
<li><span style="font-size: small;">HTML5 DDoSer
</span></li>
<li><span style="font-size: small;">Load File
</span></li>
<li><span style="font-size: small;">Executable Drive By
</span></li>
<li><span style="font-size: small;">JavaScript Shell
</span></li>
<li><span style="font-size: small;">Reverse HTTP WebShell
</span></li>
<li><span style="font-size: small;">Drive-By Reverse Shell
</span></li>
<li><span style="font-size: small;">Metasploit Browser Exploit
</span></li>
<li><span style="font-size: small;">Firefox Reverse Shell Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Session Stealer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Keylogger Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox DDoSer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Linux Credential File Stealer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Download and Execute Addon (Persistent)
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>UTILITY MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">WebKit Developer Tools
</span></li>
<li><span style="font-size: small;">Payload Encoder
</span></li>
<li><span style="font-size: small;">JavaScript Beautify
</span></li>
<li><span style="font-size: small;">Hash Calculator
</span></li>
<li><span style="font-size: small;">Hash Detector
</span></li>
</ul>
</div>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dCo5BCJWOdA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Windows :: </b><span style="color: #3d85c6;"><span style="background-color: white;"><a href="http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rarhttp://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar" target="_blank">OWASP Xenotix v4.5</a> </span></span></div>
<div style="text-align: justify;">
<b>Official Websites :: </b>http://www.owasp.org/</div>
</div>

Xenotix XSS Exploit Framework v4.5 :: Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework . It...

DVWA (Damn Vulnerable Web Application) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s1600/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Screenshot-Damn Vulnerable Web App (DVWA)" border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s400/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" title="Screenshot-Damn Vulnerable Web App (DVWA)" width="400" /></a></div>
<div style="text-align: justify;">
<b>Damn Vulnerable Web App (DVWA)</b> is a <i>PHP/MySQL web application</i> that  is <i>damn vulnerable</i>. Its main goals are to be an aid for security  professionals to test their skills and tools in a legal environment,  help web developers better understand the processes of securing web  applications and aid teachers/students to teach/learn web application  security in a class room environment.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ywnVlyuP7SY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe> </div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
 <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/B75FgRT2npc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Zip ::</b> <a href="https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip" target="_blank">DVWA 1.0.8</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.dvwa.co.uk/">http://www.dvwa.co.uk/</a></div>

DVWA (Damn Vulnerable Web Application) :: Framework

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable . Its main goals are to be an aid for security ...

Search Admin Page :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdcso7UY1h5XykvO-IVJgbC7WBbxEMzF5qNNokr9_1Qn_h3XUVzOaC9vF31WIxkYIrecDz-y7AY_03oY1TckohiD4gHeEPavrbbxUXu6xIISF-n-pX8cy3XbCkg9aCHwdwPVMqZ85x5ADg/s1600/admin-page-logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a><img alt="admin page logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj97Ace25MACKbume5zTfWwhcH97pPJJSgUkBumonW7ThiP9l85PtQfgOS2xUDDoi1qwpu5I_PzD9J79Lo5Jfy68wAxHwkX8ONP6t6bIuVeXeA2mrmh7aRVkY7u9rYcJKpXkE_Oeu6RStIr/s1600/admin+page.jpg" title="admin page logo" /></div>
<br />
<b>Search Admin Page</b> is a script that written in python. With the help <i>admin page finder script</i> we can find admin panel of website. This codes searches for admin pages, and in the future will also execute SQL/XSS injections and return the outputs.  <br />
  <br />
<b>Download Here ::</b> <a href="https://github.com/ephexeve/Search-admin-page/archive/master.zip" target="_blank">Search Admin Finder (.py)</a><br />
<b>Source ::</b> https://github.com/ephexeve/Search-admin-page

Search Admin Page :: Tools

Search Admin Page is a script that written in python. With the help admin page finder script we can find admin panel of website. This c...

WAppEx (Web Application Exploiter) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s1600/wappex+screenshot+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="WAppEx Screenshot ToolWar" border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s400/wappex+screenshot+toolwar.png" title="WAppEx Screenshot ToolWar" width="400" /></a></div>
<div style="text-align: justify;">
<b>WAppEx</b> is an integrated <i>Web Application security</i>  assessment and exploitation platform designed with the whole spectrum of  security professionals to web application hobbyists in mind. It  suggests a security assessment model which revolves around an extensible  exploit database. Further, it complements the power with various tools  required to perform all stages of a web application attack.</div>
<div style="text-align: justify;">
The Exploit Database contains the all the logic associated with  trivial fingerprinting, exploitation techniques, and payloads that  address a wide range of web application vulnerabilities with the  emphasis being on high-risk and zero-day vulnerabilities.</div>
<div style="text-align: justify;">
Some of the vulnerabilities already bundled within the Exploit  Database include Local File Disclosure (LFD), Local File Inclusion  (LFI), Remote File Inclusion (RFI), SQL Injection (SQLI), Remote OS  Command Execution (RCE), and Server-side Code Injection (SCI). WAppEx  can detect these vulnerabilities in a target, take full advantage of it,  and through neatly designed payload codes get as much access to the  exploited target as possible in as short a time as possible. Some of the  payloads included within the database are various reverse shells,  arbitrary code execution, command execution, arbitrary file upload…</div>
<div style="text-align: justify;">
Since all the attack logic rests in the form of scripts within the  Exploit Database, it is easily extensible, flexible and updatable  through community servers. Users, too, can add mature, sophisticated  exploits and payloads in the same fashion. The database grows on a daily  basis, and our dedicated team of research and development are working  non-stop to maintain the richest, most up-to-date aggregate of exploits.  The number of exploits is soon bound to surpass hundreds. Meanwhile,  users can share their own created exploits and payloads with the  community and contribute to this growing momentum.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/6IXFN5fTvNk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://itsecteam.com/counter/?files=WAppEx/WAppEx2.0.exe" target="_blank">WAppEx 2.0.exe</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://www.itsecteam.com/ </div>
</div>

WAppEx (Web Application Exploiter) :: Tools

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security p...

OWASP Bricks (Web Application Security Learning Platform) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="owasp bricks logo toolwar" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxsW3jxRxCdfOllufBaZ0_uBwcmN-L7j2Fru8xOc1lTFeRLUMkcvyN_lnUYOrjG-Cv-Kr7b_qYk_j1a9LcRAikKyTgFkdJ9FQiNFFmJxMlrHdzndXtyTN6QhxPsCgBWGFX6oyy1lcxLLeR/s200/owasp+bricks+logo+toolwar.png" title="owasp bricks logo toolwar" width="199" /></div>
<div style="text-align: justify;">
<b>OWASP Bricks</b> is a <i>Web application security learning platform</i> built on PHP and MySQL. <b>Bricks</b> is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.</div>
<b></b><br />
<b></b><br />
<b></b><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/j5I0wPvQxTg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mCo6ajvBv50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>D</b><b>ownload Here :: </b><a href="http://sourceforge.net/projects/owaspbricks/files/Atrai%20-%201.8/OWASP%20Bricks%20-%20Atrai.zip/download" target="_blank">OWASP Bricks v1.8</a><br />
<b>Official Website :: </b>http://sechow.com/<b><br /></b></div>

OWASP Bricks (Web Application Security Learning Platform) :: Framework

OWASP Bricks is a Web application security learning platform built on PHP and MySQL. Bricks is a deliberately vulnerable web applicat...

Vega (Web Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="vega scanner logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitqDoBTtkOWZbJB0V8gJz3IkgP9erP4PYe2g0GG_Yy1h0owqXN7iIoOt6_0ZGHotmGgJUAsjT1XP8PoV330tgVjFZjEvyHtvN7NybCqt60IAafpqq3fE7IoBM0cA88uyjM6qtiEiQbLOW9/s1600/vega+scanner+logo.JPG" title="vega scanner logo" /></div>
<div style="text-align: justify;">
<b>Vega</b> is a free and open source scanner and testing platform to test the  security of web applications. Vega can help you find and validate SQL  Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive  information,        and other vulnerabilities. It is written in Java, GUI based, and  runs on <b>Linux</b>,        <b>OS X</b>, and <b>Windows</b>.       <br />
<br />
Vega includes an automated scanner for quick tests and an  intercepting proxy for tactical inspection. The Vega scanner finds XSS  (cross-site scripting), SQL injection, and other vulnerabilities.       Vega can be extended using a powerful API in the language of the  web: <b>Javascript</b>.<br />
<div id="modules">
<h3>
Modules</h3>
<ul id="modulesList">
<li>Cross Site Scripting (XSS)</li>
<li>SQL Injection</li>
<li>Directory Traversal</li>
<li>URL Injection</li>
<li>Error Detection</li>
<li>File Uploads</li>
<li>Sensitive Data Discovery</li>
</ul>
<div id="core">
<h3>
Core</h3>
<ul id="coreList">
<li>Automated Crawler and Vulnerability Scanner</li>
<li>Consistent UI</li>
<li>Website Crawler</li>
<li>Intercepting Proxy</li>
<li>SSL MITM</li>
<li>Content Analysis</li>
<li>Extensibility through a Powerful Javascript Module API</li>
<li>Customizable alerts</li>
<li>Database and Shared Data Model</li>
</ul>
</div>
</div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/X3BGO9U8zuU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://www.subgraph.com/downloads/VegaSetup32.exe">Microsoft Windows 32-bit (x86)</a><br />
                               <a href="http://www.subgraph.com/downloads/VegaBuild-linux.gtk.x86.zip">Linux GTK 32-bit Intel</a><br />
                               <a href="http://www.subgraph.com/downloads/Vega.dmg">Mac OS X 32-bit Intel</a>  <b> </b><br />
<b>Official Website :: </b>http://www.subgraph.com/ 
</div>
</div>

Vega (Web Vulnerability Scanner) :: Tools

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and valid...

Owasp Mantra (Browser Based Web Security Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Owasp Mantra logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRrctdBWOhmYDQr246V7zjjW9kQoBxnS08108GujNouk7J1REEDUIjd6xdFgb7tlZvc9AGb1xJ1_E1wXBIkhT4Rg6ILFmQmUQkgns4JDBPiUh4Juv9Xy6p3vvVRuT2Wt2AqC8o3fI5OSGf/s1600/Owasp+Mantra+Logo.jpg" title="Owasp Mantra logo" /></div>
<b></b><br />
<div style="text-align: justify;">
<b><span itemprop="description">OWASP Mantra</span></b><span itemprop="description"> is a  Free and Open Source <i>Browser Based Web Security Framework</i></span><b>. OWASP Mantra</b> is a collection of free and open source  tools integrated into a web browser, which can become handy for  students, penetration testers, web application developers,security  professionals etc. It is portable, ready-to-run, compact and follows the  true spirit of free and open source software. </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>OWASP Mantra</b>  is lite, flexible, portable and user friendly with a nice graphical  user interface. You can carry it in memory cards, flash drives, CD/DVDs,  etc. It can be run natively on Linux, Windows and Mac platforms. It can  also be installed on to your system within minutes. Mantra is  absolutely free of cost and takes no time for you to set up. </div>
<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/CRJkGZlV6Vk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download" target="_blank">OWASP Mantra</a> (for Windows)<b>
</b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download" target="_blank"> OWASP Mantra</a> (for Linux)<b> </b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download" target="_blank"> OWASP Mantra </a>(for MAC)<b> </b></div>
<div style="text-align: justify;">
<b>Official Website ::</b>  http://www.getmantra.com/</div>
</div>

Owasp Mantra (Browser Based Web Security Framework) :: Framework

OWASP Mantra is a Free and Open Source Browser Based Web Security Framework . OWASP Mantra is a collection of free and open source ...

XSSF (Cross Site Scripting Framework) :: Frameworks

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
 <img alt="xssf logo" border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRD7_Qf3uczuo0jjl0Zn_xPYsVPilG-slUfjqxWr6RMznK9kSfykhHi_5W-1840tZGKc1ZvtGq8u5QN8FR7UESwAG-5eb_FgAwzBqGQGXISA38J5LPbFteBRt4N5f9hiDXxFAsRLttzrq9/s1600/xssf+logo.png" title="xssf logo" width="200" /> </div>
<div style="text-align: justify;">
The <b>Cross-Site Scripting Framework </b>(<b>XSSF</b>) is a  security tool designed to turn the XSS vulnerability exploitation task  into a much easier work. The <b>XSSF</b> project aims to demonstrate the real  dangers of XSS vulnerabilities, vulgarizing their exploitation. This  project is created solely for education, penetration testing and lawful  research purposes.  </div>
<div style="text-align: justify;">
XSSF allows creating a <b>communication channel</b>  with the targeted browser (from a XSS vulnerability) in order to  perform further attacks. Users are free to select existing modules (a  module = an attack) in order to target specific browsers. </div>
<div style="text-align: justify;">
XSSF  provides a powerfull documented API, which facilitates development of  modules and attacks. In addition, its integration into the <b>Metasploit Framework</b> allows users to launch MSF browser based exploit easilly from an XSS vulnerability. </div>
<div style="text-align: justify;">
In  addition, an interesting though exploiting an XSS inside a victim's  browser could be to browse website on attacker's browser, using the  connected victim's session. In most of cases, simply stealing the victim  cookie will be sufficient to realize this action. But in minority of  cases (intranets, network tools portals, etc.), cookie won't be useful  for an external attacker. That's why <b>XSSF Tunnel</b> was created to help the attacker to help the attacker browsing on affected domain using the victim's session. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AhUhOirEfTE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: left;">
<br />
<b>Download Here ::</b> <a href="https://xssf.googlecode.com/files/XSSF-3.0.zip" target="_blank">XSSF-3.0.zip</a></div>
<div style="text-align: left;">
<b>Source :: </b>https://code.google.com/p/xssf/</div>
</div>

XSSF (Cross Site Scripting Framework) :: Frameworks

The Cross-Site Scripting Framework ( XSSF ) is a security tool designed to turn the XSS vulnerability exploitation task into a much...

Wavsep (Web Application Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="wavsep toolwar" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMSoRbPxK7O4Yj9z_uKOjtWacWbm1y998Bf2-i_alefuOMauXKrwgdJxF8pcp09hpZ7d49PMUzgrTmZ7eRH199RCw1d4rlsbz6PmOvb-bY3Au-exVkvJpmGS6OVdOe61ns-Q5MZPGO89_r/s1600/Wavsep+logo.png" title="wavsep toolwar" width="640" /></div>
<div style="text-align: justify;">
<b>Wavsep</b> is a <b>Web Application Vulnerability Scanner Evaluation Project.</b> and <b>Wavsep</b> is a <i>vulnerable web application</i> designed to help assessing the features,
 quality and accuracy of web application vulnerability scanners. </div>
<div style="text-align: justify;">
This
 evaluation platform contains a collection of unique vulnerable web 
pages that can be used to test the various properties of web application
 scanners. </div>
<div style="text-align: justify;">
Although some of the test cases are vulnerable to additional exposures, 
the purpose of each test case is to evaluate the detection accuracy of 
one type of exposure, and thus, “out of scope” exposures should be 
ignored when evaluating the accuracy of vulnerability scanners.  </div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war-linux.zip" target="_blank">Wavsep 1.2</a> (for Linux)<b></b></div>
<div style="text-align: justify;">
                               <a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war.zip" target="_blank">Wavsep 1.2</a> (for Windows)<b><br /></b></div>
<div style="text-align: justify;">
<b>Read More :: </b>https://code.google.com/p/wavsep/</div>
</div>

Wavsep (Web Application Vulnerability Scanner) :: Tools

Wavsep is a Web Application Vulnerability Scanner Evaluation Project. and Wavsep is a vulnerable web application designed to help as...

ProxyStrike (Web Application Proxy) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge78U7MQQKmBqqrofRPUEQ8S5bYcppmr1mk7FrI-pqVmZXoW3WPniXtP2cfLNP1GdtGlQzq165Y2DSHUK7MACZoWV7Bu4izxybRx63m-unu5dcdFSeHnTLGfhyI6rsmrtNjga-GHs1EE8F/s1600/proxystrike+logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="86" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge78U7MQQKmBqqrofRPUEQ8S5bYcppmr1mk7FrI-pqVmZXoW3WPniXtP2cfLNP1GdtGlQzq165Y2DSHUK7MACZoWV7Bu4izxybRx63m-unu5dcdFSeHnTLGfhyI6rsmrtNjga-GHs1EE8F/s1600/proxystrike+logo.jpg" width="400" /></a></div>
<div style="text-align: justify;">
<b>ProxyStrike v2.1</b> is an active Web Application Proxy.  It's a tool designed to find vulnerabilities while browsing  an  application. It was created because the problems we faced in the  pentests of web applications that depends heavily on Javascript, not  many web scanners did it good in this stage, so we came with this proxy.  </div>
<div style="text-align: justify;">
Right now it has available Sql injection and XSS plugins.  Both  plugins are designed to catch as many vulnerabilities  as we can, it's  that why the SQL Injection plugin is a  Python port of the great  DarkRaver "Sqlibf". </div>
<div style="text-align: justify;">
The process is very simple, ProxyStrike runs  like a proxy listening in port 8008 by default, so you have to browse  the desired web site setting your browser to use ProxyStrike as a proxy,  and ProxyStrike will analyze all the paremeters in background mode. For  the user is a passive proxy because you won't see any different in the  behaviour of the application, but in the background is very active. :) </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/l8kioy4QX7U?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://proxystrike.googlecode.com/files/proxystrike-2.2.tar.bz2">ProxyStrike-2.2.tar.gz</a> (for Linux)<br />
                               <a href="http://proxystrike.googlecode.com/files/ProxyStrike-2.2.zip" target="_blank">ProxyStrike-2.2.zip  </a>(for Windows)<b>  </b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> http://www.edge-security.com/proxystrike.php</div>
</div>

ProxyStrike (Web Application Proxy) :: Tools

ProxyStrike v2.1 is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application....

Wapiti (Vulnerability Scanner for Web Applications) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Wapiti Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_vAvYcVPv2XdyfBL7FvNMBsXInHGcYgu5w0H4yb8E4dSyA-eU7KHJry7W8hCJLZWQQNL50PY4hjXSWX9F2RgbL8k0a9CFw4r0wU4Y-ay2rmGZWsFrXXfX-gb7gs97ZXxXCtujF3TnqglK/s1600/wapiti+logo.gif" title="Wapiti Logo" /></div>
<div style="text-align: justify;">
<b>Wapiti </b>is a vulnerability scanner for web applications. It currently  search vulnerabilities like XSS, SQL and XPath injections, file  inclusions, command execution, LDAP injections, CRLF injections... It  use the Python programming language.<b> </b></div>
<div style="text-align: justify;">
<b>Wapiti</b> allows you to audit the security of your web applications.  It performs "<b>black-box</b>" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.Once it gets this list, <b>Wapiti</b> acts like a <i>fuzzer,</i> <i>injecting payloads</i> to see if a script is vulnerable.</div>
<div style="text-align: justify;">
<b>Wapiti </b>can detect the following vulnerabilities : </div>
<ul style="text-align: justify;">
<li>File Handling Errors (Local and remote include/require, fopen, readfile...)</li>
<li>Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)</li>
<li>XSS (Cross Site Scripting) Injection</li>
<li>LDAP Injection</li>
<li>Command Execution detection (eval(), system(), passtru()...)</li>
<li>CRLF Injection (HTTP Response Splitting, session fixation...)</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RaoEcKMZL6Q?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://sourceforge.net/projects/wapiti/files/latest/download" target="_blank">Wapiti 2.2.1.zip</a><b>
</b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> http://wapiti.sourceforge.net/</div>
</div>

Wapiti (Vulnerability Scanner for Web Applications) :: Tools

Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file i...

Subscribe to: Posts ( Atom )