SecCom Labs » Exploit-Me

Exploit-Me is a suite of tools and applications designed to help with application security testing. The Exploit-Me Firefox plugin series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. SecTor is also making the audio of the talk available.

Exploit-Me Mobile (Mobile Application): Exploit-Me Mobile (EMM) is an open source project demonstrating common mobile application vulnerabilities in the iOS and Android platforms. Download the whitepaper now!

XSS-Me (Firefox Plugin): Cross-Site Scripting (XSS) is a common flaw found in today's web applications.

SQL Inject-Me (Firefox Plugin): SQL Injection vulnerabilities can cause a lot of damage to a web application.

Access-Me (Firefox Plugin): Access vulnerabilities in an application can allow an attacker to access resources without being authenticated.

Software | RATS - Rough Auditing Tool for Security

Welcome to RATS - Rough Auditing Tool for Security

RATS - Rough Auditing Tool for Security - is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. The RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, describes each problem, and potentially suggests remedies. As its name implies, the tool performs only a rough analysis of source code.

Download RATS

RATS is free software.
Source tarball: rats-2.3.tar.gz [382K] [MD5]
Win32 binary: rats-2.3-win32.zip [220K] [MD5]

Requirements

RATS requires expat to be installed in order to build and run. Expat can be found at:

Installation

Building and installation of RATS is simple. The configuration script is a standard autoconf-generated configuration script and accepts many options.

make

To install after building, simply run make with the install target:

make install

Running RATS

OWASP DirBuster Project - OWASP - Vimperator

This historical page is now part of the OWASP archive. This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist. Please use the newer edition(s), like the OWASP Zed Attack Proxy Project.

DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. However, tools of this nature are often only as good as the directory and file list they come with.

DirBuster Fork

Please note that DirBuster is currently an inactive project. However, it has essentially been forked by the OWASP ZAP team. The source code for this fork can be found in:

News

22nd October 2009 - Perl Module to Parse DirBuster XML output
A big thanks to Jabra for producing a Perl module for parsing the XML reports produced by DirBuster.

3rd March 2009 - Version 1.0-RC1

Notification: policy - URL filtering

[0x00] News and Changelog

Check out the feature sets and services coverage page, including a speed comparison against ncrack and medusa (yes, we win :-) ).

Development just moved to a public GitHub repository:

There is a new section below for online tutorials. Read below for Linux compilation notes.

CHANGELOG for 8.3
===================
! (1) Target selection