AdminLoginFnder is a Perl script that scans webservers for administrative login / control panel sections.
c6352f572295348d638d3e75f43a032da8cb5d74c8e64a799be012aef074e564
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
1c9176931e9eb16200b5f597d7e02aa077d50ac84bc99faa3d877cb9a2fa7907
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
4f7aab33039ef0826cbb1473f80c7de5c0319bb5c435c94688e44069e395bcd8
WebEnum is a tool to enumerate HTTP responses to dynamically generated queries. It is a flexible universal tool to perform penetration testing on web servers. It is useful for guessing resource names and column sizes in SQL injection, brute forcing web accounts and passwords, discovering web directories and files, fuzzing HTTP requests including GET, POST and HTTP headers, and auditing webserver behaviour by generating multiple HTTP requests.
96f96eb0922e314f7f118166ad01b8b86180e3bc6fde7ae95205f299e1056956
Download Indexed Cache is a proof of concept script that implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the "Search Engine Reconnaissance" section of the OWASP Testing Guide version 3.
42571e3120e00887108e79161991c1e09c0a3fb72178bd4a81286effe45c918f
WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the webserver.
cdeb79db86c92b37ee6aef9f12f6a6178982e75ecd8468ae3754bfb915c35df1
This is a simple script that attempts to check if a CGI script suffers from an input validation command execution vulnerability.
ee39234eb7bfde6be7b06a471b85c22615c756334e75f9853f44970c002c335b
IPv6 Hacking - IPv6 enumeration tool. Supports host enumeration, TCP port scanning, and finding AAAA IPv6 host records.
babbfce2ca0a7c77ef1a1ff338b745d7f23442aaeba6097deebbd34f69e4d102
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
7266766b712bc00e0299f97a39549b351e1594a72c96c91399a2d01357ce289d
Umap (UPNP Map) attempts to scan open TCP ports on the hosts behind a UPNP enabled Internet Gateway Device (IGD) NAT. It sends SOAP requests to map ports and then attempts to connect to the mapped ports, discovering hosts and services behind the device's NAT.
8e483e902d0fd518df5635f2f6c1c2075aa43ca5cda810b93e7ba1ebec756e3f
Scannedonly is a Samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The Samba module simply filters out files that aren't marked clean.
89e9edf66437efedf5fad8134fc523e4293b7917f1b8346840c540c6dbdfa9ff
Padding Oracle Exploit Tool (POET). This tool demonstrates a powerful side-channel attack known as the padding oracle attack.
c5777abae995bdbc2b61ee3cdec92eb8df6ec1f9f3399908c8c1f9437adba0e0
Simple Log File Analyzer is a tool that looks for different attack attempts in Apache2 access logs. Written in Python.
dc83d6b8d40632e18697f4392d2309499e45fec75ed2aede879735ffae1421de
iScanner is a free open source tool written in Ruby that lets you detect and remove malicious code from webpages.
d4c9d2d99009583dad4b5bbf6475c12f5129ef7ea541f342fd1848abe5f98f0b
Simple SQL Injection Vulnerability Scanner is a tool that helps you find SQL injection vulnerabilities within your website. Simply provide a URL and let the tool do all the work. Written in Python.
96063e29053ad04993390a1466220d3646a0934ad8abc17d8811741f2145659a
WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the webserver.
0ac0df0abf6e8e36d2d884fa1131410d54795f793c79a33b866246e2069bd4b7
This tool is called the Automated Joomla SQL Injection Exploiter.
b7a442a7e45bc0b1442049e0a08758e0b677ea61b0b13261acede0d565aa4984
Darkjumper is a scanner that checks for SQL injection, local file inclusion, and remote file inclusion vulnerabilities.
0f037590da60c4f1aa9f6ddc5b8eb9332328e3aa64a7ceecedef30769b52a22c
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database server when a SQL injection vulnerability has been discovered. It is written in Perl and runs on Unix-like boxes.
8646406446808a3bf250d6247fa27345d4552b9e67a4c5257c33719a579ff644
iScanner is a free open source tool written in Ruby that lets you detect and remove malicious code from webpages.
8cac6c9a5c49b87e3a7190d441bba01a1173469b816326f9286f03b8ef38d46f
WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the webserver.
de9e6e8be69942bfb60ac6211dab149dbee1f67f0217105def741a0f6804663a
WhatWeb is a next generation web scanner that identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand. Written in Ruby for Linux. Flexible plugin architecture with over 70 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the webserver.
aceeab845573c4cd8661eb2c47f2086cfd6616595069ba6227bdfd86bf423c08
This Ruby script scans a given site looking for administrator login pages.
4807fc91ca699c013d3390a37be1c780e241a1029fe00cbc5dffd54990d56312
This tarball has a couple of bash scripts that use netcat to brute force FTP and scan for local and remote file inclusion vulnerabilities.
e19a0914b0f6880f78c49d6c67f5ecd55462ffd15303f6b5a94f170bc503365b
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
7fb576e16c3f05c9be726475382cdbd4c91cdb4277029e92a5cdccf479c2f3eb