
w3af - Open Source Web Application Security Scanner

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0. The easiest way to learn about what w3af is and how you can use it to secure your web applications is to take our project tour and read our FAQ.

http://w3af.org/


Stanford Javascript Crypto Library The Stanford Javascript Crypto Library (hosted here on GitHub) is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. SJCL is easy to use: simply run sjcl.encrypt("password", "data") to encrypt data, or sjcl.decrypt("password", "encrypted-data") to decrypt it. For users with more complex security requirements, there is a much more powerful API, described in the documentation and illustrated in this demo page. SJCL is small but powerful.

Burp Suite Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

SecCom Labs » Exploit-Me Exploit-Me is a suite of tools and applications designed to help with application security testing. The Exploit-Me Firefox plugin series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this, SecTor is making the audio of the talk available. Exploit-Me Mobile (Mobile Application)

OWASP DirBuster Project - OWASP This historical page is now part of the OWASP archive. This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist. Please use the newer Edition(s) like OWASP Zed Attack Proxy Project. DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is now often the case that what looks like a web server in a default installation state is actually not, and has pages and applications hidden within.

Notification: policy - URL filtering

[0x00] News and Changelog
Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )
Development just moved to a public github repository:
There is a new section below for online tutorials.
Read below for Linux compilation notes.

CHANGELOG for 8.3
===================
! Development moved to a public github repository:
* Support for upcoming OpenSSL 1.1 added. needs testing.
* Fixed hydra redo bug (issue #113)
* Updated xhydra for new hydra features and options
* Some more command line error checking
* Ensured unneeded sockets are closed

You can also take a look at the full CHANGES file

[0x01] Introduction
Welcome to the mini website of the THC Hydra project.

end-to-end - End-To-End End-To-End is a Chrome extension that helps you encrypt, decrypt, digitally sign, and verify signed messages within the browser using OpenPGP. This is the source code for the alpha release of the End-To-End Chrome extension. It's built upon a newly developed, JavaScript-based crypto library. End-To-End implements the OpenPGP standard, IETF RFC 4880, enabling key generation, encryption, decryption, digital signature, and signature verification. We’re releasing this code to enable community review; it is not yet ready for general use.

OWASP Zed Attack Proxy Project Involvement in the development of ZAP is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

RATS - Rough Auditing Tool for Security RATS (Rough Auditing Tool for Security) is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.
