| /// File Name: |
w3af-beta5.tar.bz2 |
Description:
|
w3af is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in Python. Each plugin adds a functionality such as cross-site scripting detection or SQL injection exploitation.
| | Author: | Andres Riancho | | Homepage: | http://w3af.sourceforge.net/ | | Changes: | This version implements some really interesting features like virtual daemons and w3afAgents. | | File Size: | 10275597 | | Last Modified: | Oct 22 18:08:31 2007 |
| MD5 Checksum: | e6e662fc3e221756641b6456ad008bb6 |
|
| /// File Name: |
w3af-10Jun2007.tar.bz2 |
Description:
|
w3af is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in Python. Each plugin adds a functionality such as cross-site scripting detection or SQL injection exploitation.
| | Author: | Andres Riancho | | Homepage: | http://w3af.sourceforge.net/ | | File Size: | 9673706 | | Last Modified: | Jun 12 20:10:04 2007 |
| MD5 Checksum: | d7bd1cc6c25bf2ce71270805da9633c9 |
|
| /// File Name: |
FormScalpelv1.0.11BETA.zip |
Description:
|
Form Scalpel v1.0.11 for Windows is designed to help security professionals assess the resilience of a web site's forms to various forms of attack. Given the growing sophistication and variety of sites and development techniques utilized, a generic tool specifically aimed at making this job easier was required. Thus "Form Scalpel" was born. The tool automatically extracts the forms from a given web page and splits out all fields for editing and manipulation, making it a simple task to formulate detailed GET and POST requests. The application supports HTTP and HTTPS connections and will function over proxy servers.
| | Author: | Curryman | | Homepage: | http://ugc.org.uk/~curryman | | File Size: | 2740611 | | Last Modified: | Sep 20 00:40:47 2001 |
| MD5 Checksum: | cc2ae1b4a6b71dd864d1bab764dc9e8c |
|
| /// File Name: |
FG-Injector-0.9a.tar.bz2 |
Description:
|
FG-Injector is a tool that leverages the pentester's work by facilitating the exploitation of SQL Injection vulnerabilities. It includes a powerful proxy feature for intercepting and modifying HTTP requests, a network spy module that lets the analyst view HTTP requests and their corresponding responses, and an inference engine for automating SQL injection exploitation. The Inference Engine Module of the FG-Injector Framework automates the generation and injection of SQL statements needed for exploitation of a Blind SQL Injection. This module also works for regular injections using the same method. It can produce blind injections on web/app servers using the MS SQL Server, MySQL, and PostgreSQL DBMSs.
| | Homepage: | http://www.flowgate.net/ | | File Size: | 2107215 | | Last Modified: | Apr 20 22:57:47 2007 |
| MD5 Checksum: | bf8954ef2c77f16f70b919e7f9d813a6 |
|
| /// File Name: |
dradis-v1.2.tar.gz |
Description:
|
dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
| | Author: | etd | | Homepage: | http://dradis.nomejortu.com/ | | File Size: | 2011899 | | Last Modified: | May 7 13:42:52 2008 |
| MD5 Checksum: | 481beae4f13e322aad1066ba943aafd4 |
|
| /// File Name: |
WebStorm1_2.zip |
Description:
|
WebStorm is an IP scanner for Windows which checks webserver versions. Features include webserver type filtering, an option to use an HTTP proxy server for scans, and saving the list, or just the IPs in the list, to a file.
| | Author: | Askin | | File Size: | 1824771 | | Last Modified: | Jan 31 00:35:15 2002 |
| MD5 Checksum: | 681a0ca1f28aed8bdcfc7f0d41f87556 |
|
| /// File Name: |
Pantera_Release_0.1.1.zip |
Description:
|
OWASP Pantera Web Assessment Studio (WAS) is a mix between a pentest proxy, an application scanner and an intelligence analysis framework. Pantera leaves the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. It has been designed by professionals with many years of experience in the application security industry to offer users the necessary features required for them to create secure code. Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine.
| | Author: | Pantera Proxy | | Homepage: | http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project | | File Size: | 1786718 | | Last Modified: | Oct 30 15:52:50 2006 |
| MD5 Checksum: | f6c29bb2d28ad6f0cbaab6d51bcd2b84 |
|
| /// File Name: |
Pantera_Release_0.1.2.zip |
Description:
|
OWASP Pantera Web Assessment Studio (WAS) is a mix between a pentest proxy, an application scanner and an intelligence analysis framework. Pantera leaves the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. It has been designed by professionals with many years of experience in the application security industry to offer users the necessary features required for them to create secure code. Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine.
| | Author: | Pantera Proxy | | Homepage: | http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project | | Changes: | Tons of changes - See changelog. | | File Size: | 1207676 | | Last Modified: | Nov 30 13:23:57 2006 |
| MD5 Checksum: | 8ac3928d4351c9f49819ffc2d3e1a274 |
|
| /// File Name: |
httprecon-1.3.zip |
Description:
|
httprecon is an advanced web server fingerprinting tool that makes use of nine test cases when mapping the target service. Win32 binary release.
| | Author: | Marc Ruef | | Homepage: | http://www.computec.ch/projekte/httprecon/ | | File Size: | 990438 | | Last Modified: | Dec 11 22:57:13 2007 |
| MD5 Checksum: | 4dea03e14a51c0bf95600e9eb0b0993e |
|
| /// File Name: |
SH_Tool_1.1.0.exe |
Description:
|
Security Hardening Tool for Web Servers. Examines the web server's security configuration and provides heuristic analysis of the web server's configuration files to detect security configuration errors.
| | Homepage: | http://www.syhunt.com | | File Size: | 963584 | | Last Modified: | May 12 20:03:37 2004 |
| MD5 Checksum: | 22a1695c356ec42f31e7b985d1431b95 |
|
| /// File Name: |
sslclient.tar.gz |
Description:
|
The SSL client stress tool is a small program which is capable of stress testing any SSL-based server. It has been tested with Apache+mod_ssl and IIS. It can be easily modified to stress test any custom SSL implementation, and can also stress test static-page HTTP servers.
| | Homepage: | http://sslclient.sourceforge.net | | File Size: | 953451 | | Last Modified: | Dec 31 00:51:18 2000 |
| MD5 Checksum: | 543b9c72c39fd59fb7f3d6dbdeb61e30 |
|
| /// File Name: |
wbclk256.zip |
Description:
|
WebClicker v2.56 uses public proxies to create artificial banner ad clicks. Emulates complete browser HTTP transfer and can be used for banner/link exchanges and toplists as well.
| | Author: | Moritz Bartl | | Homepage: | http://www.headstrong.de | | Changes: | customizable proxy timeout, play WAV sound file when done, flashes window when done, minimizing the simple form is now possible, improved memory management and a few more bugs fixed. | | File Size: | 665743 | | Last Modified: | Feb 26 00:22:51 2002 |
| MD5 Checksum: | 146167107b4ca5dde0f49960a2050601 |
|
| /// File Name: |
modsecurity-apache_2.1.0.tar.gz |
Description:
|
Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
| | Homepage: | http://www.modsecurity.org/ | | Changes: | Improved performance and reduced memory consumption (200% improvement). Includes the generic Web application security rules from the Core Rules project. The manual has been extensively improved. | | File Size: | 650133 | | Last Modified: | Mar 4 04:00:21 2007 |
| MD5 Checksum: | 2e919766f2878c4ee46334816004dd15 |
|
| /// File Name: |
SP147.tgz |
Description:
|
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL 0.5.1 from the SPIKE Web page. Several working examples are included.
| | Author: | Dave Aitel | | Homepage: | http://www.immunitysec.com/spike.html | | Changes: | Internet Explorer compatibility has been fixed, the core engine is more capable against a wider range of web pages and it is now possible to restrict use of the proxy. | | File Size: | 622289 | | Last Modified: | Jan 31 16:48:25 2003 |
| MD5 Checksum: | 1e99a36ca340970366bf96f460ec3602 |
|
| /// File Name: |
spikeproxy-1.4.6.tar.gz |
Description:
|
SPIKE proxy is a web application analysis tool which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, form rewriting, SQL injection detection, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.
| | Author: | Dave Aitel | | Homepage: | http://www.immunitysec.com/spike.html | | Changes: | Fixed NTLM support for some people, Added "False 404 Detection" which can be customized through the Configuration menu. | | File Size: | 621209 | | Last Modified: | Nov 19 01:23:23 2002 |
| MD5 Checksum: | 209f932aee7e3047c52e9783424b9dac |
|
| /// File Name: |
GetRAW.tar.gz |
Description:
|
GetRAW for Windows will query any web server on any given port for banner, date, server, content modification, ETag, Accept-Range, Content Length, current connection and content. Uses the Perl IO::Socket::INET module. Includes source and win32 executable.
| | Author: | x1b | | File Size: | 567068 | | Last Modified: | Jan 9 03:45:42 2004 |
| MD5 Checksum: | 63e1c04929b85905dce3097e3e49225a |
|
| /// File Name: |
yaph-0.91.tar.gz |
Description:
|
YAPH, or Yet Another Proxy Hunter, is a stealth proxy hunter that finds public access proxy servers on the Internet and validates proxy lists. YAPH reveals SOCKS4, SOCKS5 and HTTP (CONNECT method) proxies.
| | Author: | Proxy Labs | | Homepage: | http://www.proxylabs.com/yaph/ | | File Size: | 492260 | | Last Modified: | Feb 10 22:56:48 2003 |
| MD5 Checksum: | 8e224cc7a6d8e4cab4c6daa21cfa0837 |
|
| /// File Name: |
achilles-0-27.zip |
Description:
|
Achilles is a tool for Windows designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
| | Homepage: | http://www.digizen-security.com/projects.html | | File Size: | 433167 | | Last Modified: | Aug 16 01:06:47 2001 |
| MD5 Checksum: | 53c77733109f3d7b33a5143703e8cf05 |
|
| /// File Name: |
tunnel_finder_1.1.zip |
Description:
|
Tunnel Finder v1.1 is a proxy checker that can display information from a list of proxies by searching for proxy servers that permit the CONNECT command allowing an end user to achieve a higher level of anonymity. Checks for SSL proxies as well.
| | Author: | OblivionBlack | | Changes: | Improved scanning engine is now faster. Added SSL check for active proxies. Added possibility to sort proxies in the list; new save list option. | | File Size: | 430297 | | Last Modified: | Dec 8 06:40:25 2002 |
| MD5 Checksum: | 88373ab9b5b67560121e16cb0297d618 |
|
| /// File Name: |
TunnelFinder.zip |
Description:
|
Tunnel finder is a particular proxy checker that can display information from a list of proxies by searching for proxy servers that permit the CONNECT command allowing an end user to achieve a higher level of anonymity.
| | Author: | OblivionBlack | | File Size: | 429260 | | Last Modified: | Oct 25 01:16:48 2002 |
| MD5 Checksum: | 473f676f21c52b399d99b58b496aec10 |
|
| /// File Name: |
Achilles-0-16-b.zip |
Description:
|
Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. When in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
| | Homepage: | http://www.digizen-security.com/projects.html | | File Size: | 415805 | | Last Modified: | Dec 21 18:08:05 2000 |
| MD5 Checksum: | f97848d8b940fc4115a5457a1dde15aa |
|
| /// File Name: |
screamingCobra-1.04.tar.gz |
Description:
|
ScreamingCobra is an application for remote vulnerability discovery in ANY UNKNOWN web applications such as CGIs and PHP pages. Simply put, it attempts to find vulnerabilities in all web applications on a host without knowing anything about the applications. Modern CGI scanners scan a host for CGIs with known vulnerabilities. ScreamingCobra is able to 'find' the actual vulnerabilities in ANY CGI, whether it has been discovered before or not.
| | Author: | Samy Kamkar | | Homepage: | http://cobra.LucidX.com | | Changes: | Several bug fixes, support for adding attacking techniques and a Windows binary have been added. | | File Size: | 414990 | | Last Modified: | Jan 13 21:23:34 2002 |
| MD5 Checksum: | a36d646cb96a64a95f7aa2f5c07224e7 |
|
| /// File Name: |
modsecurity-apache-1.9.1.tar.gz |
Description:
|
Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
| | Homepage: | http://www.modsecurity.org/ | | Changes: | Some small security improvements, and improvements, also some enhancements. | | File Size: | 395659 | | Last Modified: | Dec 1 01:51:54 2005 |
| MD5 Checksum: | d648ba26b1dba708a06344072bea984c |
|