background preloader

w3af - Open Source Web Application Security Scanner

w3af - Open Source Web Application Security Scanner

Scapy penetration test - Affordable web application attack tools current community your communities Sign up or log in to customize your list. more stack exchange communities Stack Exchange sign up log in tour help Information Security Ask Question Take the 2-minute tour × Information Security Stack Exchange is a question and answer site for Information security professionals. Affordable web application attack tools 5 Answers active oldest votes Your Answer Sign up or log in Sign up using Google Sign up using Facebook Sign up using Stack Exchange Post as a guest discard By posting your answer, you agree to the privacy policy and terms of service. Not the answer you're looking for? Community Bulletin blog Putting the Community back in Wiki Related What tools are available to assess the security of a web application? How can I test my web application for timing attacks? Which languages are better for attacks against websites? Are there any tools for automated penetration testing of Silverlight applications? What is the best tool to anonymize your scans (network/ports)?

Nikto2 Nikto is sponsored by Netsparker, a dead accurate and easy to use web application security solution. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto is not designed as a stealthy tool. Not every check is a security problem, though most are.

SQID - SQL Injection digger SQID sql injection digger. about SQL injection digger is a command line program that looks for SQL injections and common errors in web sites. Current version can perform the following operations: Look for SQL injections and common errors in web site URLs found by performing a google search. sqid is extensible by adding more signatures to its database (sqid.db). Usage Usage: sqid.rb [options] options: -m, --mode MODE Operate in mode MODE. download sqid is licensed under GPL v2. svn checkout next Next release will be additionally able to look for SQL injections in a web page by submitting forms. Please send suggestions, bugs, patches and flames at contact@metaeye.org. Copyright © Metaeye Security

Notification : stratégie - filtrage des URL [0x00] News and Changelog Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) Development just moved to a public github repository: There is a new section below for online tutorials. Read below for Linux compilation notes. CHANGELOG for 8.3 =================== ! Development moved to a public github repository: * Support for upcoming OpenSSL 1.1 added. needs testing. * Fixed hydra redo bug (issue #113) * Updated xhydra for new hydra features and options * Some more command line error checking * Ensured unneeded sockets are closed You can also take a look at the full CHANGES file [0x01] Introduction Welcome to the mini website of the THC Hydra project. (1) Target selection

Nikto Web Scanner Nikto Web Scanner is a Web server scanner that tests Web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received. The Nikto code itself is Open Source (GPL), however the data files it uses to drive the program are not. [1] Chris Sullo, the CFO of Open Security Foundation has written this scanner for vulnerability assessment. [2] Functions[edit] Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. Variations[edit] There are some variations of Nikto, one of which is MacNikto. References[edit] External links[edit] CIRT Nikto Page

Documentation - Openscap From Openscap The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents. The following sections provide information about using oscap for both, normal users and developers. The user part covers explanation of the most common oscap operations and shows the relevant examples. The developer part provides information on tasks related to OpenSCAP development. An alternative to the oscap command line tool is SCAP Workbench - a GUI application with scanning and tailoring capabilities. This part of documentation explains usage of the most common oscap operations and presents examples based on industry standard data (SCAP content). $ man oscap Installation You can either build the OpenSCAP library and the oscap tool from source code (for details refer to Compilation), or you can use an existing build for your Linux distribution. # yum install openscap-utils Common Usage $ oscap -V Displaying Information About SCAP Content Scanning Check engines

Software >> sslstrip This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. Requirements Python >= 2.5 (apt-get install python) The python "twisted-web" module (apt-get install python-twisted-web) Setup tar zxvf sslstrip-0.9.tar.gz cd sslstrip-0.9 (optional) sudo python . Running sslstrip That should do it. How does this work? First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. At this point, sslstrip receives the traffic and does its magic. Development The current development branch can be found on github.

Related: