Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
b8be1811b5922084c753cd6de2d0b9a6cc88bcfc43203dab14e4d92599a9f218
Michal Zalewski has released some details with links to proof of concept code for a MSIE same-origin bypass race condition, MSIE memory corruption on page transitions, CANVAS implementation crashes, and Safari page transition tailgating.
aada75a86af557c06b7ae5af9b0eebe4b1e6812bafa534a00cb5dd004ecdf459
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
2142d5643305713d9be7fcc82a244048076190851e697b645c49b549a7ae0725
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
51824925542ec9c1f2120b1b5cc8c0bfcf73bceeb9fb57026dc1ad012aa1f8c5
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
2db436645d5c4fd4aa3e24d589a455b9080aa44753040e6cd39990256867c094
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
64074f2927e1d1f4a9dbc4878cdcbb6c98940d01e2588f6f9bdc85fac7498fda
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
e9907b0e2fc105dec78c5bc9fc35d7d54625ed3896eb3d1ee7ece536646a03bb
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
07abd5e607305563bfb83338f034a1191ce24b39d95a1e7104a23f65ac331c5b
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiling by David Coomber.
b1b3a50167e875ae8a49b1069e893267ee5dd2ab3c6ef6b733760e63b4bdc904
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
f58a40d021988874c1bac177413c7b07b985721ff1282cd6734623c08fed634b
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
f80bf14e4e0e2aef70ffee1065caee30c845ca9dae1448701ff20d7f6853e261
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
30c7765b960b131246bfe8c25b79d20eae49f282dd0ac3b7e1e293233a446f99
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
6fa417edb887bc2a9b30f10caf309c076293186b24d00cd9af098a7243ff02a0
A simple utility to thoroughly validate DOM, XMLHttpRequest, and cookie security restriction handling in modern web browsers. Notable features include exhaustive hierarchy crawling, cross-domain IPC system for blind write verification, page transition checks, and more.
3193283a884cf29dab7eb6c658285fc4ab255c371456911b95b7541483b34432
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
dae9be447ea202eb4d5eeb0cba317136fe15861630c1562730ff011f8ecb33c7
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
ebfb03563564202d26c9314f19b2cbbdf98cdb2c16d21f6628ccf680af7d3db6
Bunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
7316d0f0a285a94b48f522cda8e5a4963a67a6b63cbe7e8aaa2dd7ed46a4b9ef
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiling by David Coomber.
dd38a277cf5f75bd141c92c52d4a943be4377fb60f3ec5a8fd8b6e6d380f4122
It appears that Microsoft Internet Explorer suffers from a browser entrapment vulnerability in document.open() calls.
1b23865dd5ab90c94ef1fe835486566129d4f40e9c19376db573494978d39288
A vulnerability exists in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs.
93f02ea123437363186523aeae7e0ca0e0d453814f6ae1c66ad755016eaf7b78
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiling by David Coomber.
e5665aaef9dea1dbdd6c08e7f76453874a605f513f2c431e34a940104a886c8e
Multiple vulnerabilities have been discovered that affect Microsoft Internet Explorer and Mozilla Firefox.
44c9aebc984e47399f696a485a24a8b42bac000661c73e65fc9147ffc41af37e
There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites.
21a72e3c2e3f73ba1fa951e5bf911498d17a63954a83b0046a2309ac71528a4b
Firefox suffers from a design flaw that can be used to confuse casual users and evoke a false sense of authority when visiting a fraudulent website. The flaw can be also used to bypass a fix for an old UI spoofing bug that was thought to be addressed.
f6bd7f2d92b5234b2a324dfe908f0423708a3b99e3a54cda6bb17a733bc75aba
Mozilla Firefox versions 2.0.0.1 and below does not handle writes to the location.hostname DOM property.
81515b1e790b10e90b83ec02a5bb06c1e8df12e3cdaad7f108b23389020be511