Showing 51 - 75 of 253

Files

DeXSS 1.2
Posted Jun 12, 2012
Site dexss.org

DeXSS provides a SAX2 Parser to help protect against cross site scripting (XSS) attacks. DeXSS uses TagSoup to parse potentially malformed input, followed by a SAX2 filter pipeline to remove JavaScript from HTML. You can use the DeXSS parser in place of your existing SAX2 parser, or you can use the DeXSS utility to provide a string-to-string conversion.

Changes: This release adds a CSS sanitizer, uses the OSBCP CSS Parser, canonizes CSS in @style, and attempts to remove javascript: and expression(). Inline <style> CSS is still elided.
tags | tool, web, javascript, xss
SHA-256 | 6b2ac847ccc68a5a4b369c54df3b011afeef4702562ef4d6304a3355e16ed115
Mod_auth_pubtkt 0.7
Posted Jun 4, 2012
Site neon1.net

mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.

Changes: The public key can be set per directory instead of only globally. The login URL is now optional, and a new TKTAuthBadIPURL option has been added. Furthermore, the module now compiles with Apache 2.4 and includes a Perl ticket generation module.
tags | web, php
systems | unix
SHA-256 | 8ff3de9c5acc026c6fd74fd8e599c0c2659cd29c51693dbf67a8bf8c609be94e
OWASP Mantra - Lexicon 0.91 Beta
Posted May 11, 2012
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.

Changes: Firefox 12 is now used as the base. NoRedirect Extension, FireEncrypter, Ra.2 XSS scanner, and more have been added. Known issues have been addressed.
tags | web
SHA-256 | 541d48c626a68f4fde63c7fca65c1f14bbaf9ece1f236099d199f6a931b408c7
Zed Attack Proxy 1.4.0.1 Windows Installer
Posted Apr 10, 2012
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Windows installer.

Changes: Syntax highlighting, fuzzdb integration, parameter analysis, enhanced XSS scanner, a port of some watcher checks, pluggable extensions, and a load of bug fixes.
tags | tool, web, vulnerability
systems | windows
SHA-256 | 86958b3047d7959d500a914ed62d8b67c713cf75cec79b67db8f06864d33d481
Zed Attack Proxy 1.4.0.1 Mac OS X Release
Posted Apr 10, 2012
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.

Changes: Syntax highlighting, fuzzdb integration, parameter analysis, enhanced XSS scanner, a port of some watcher checks, pluggable extensions, and a load of bug fixes.
tags | tool, web, vulnerability
systems | apple, osx
SHA-256 | 370b065d9d57839e4c92ef7044e07775cebbdd9c035a7661037505b2e48065b8
Zed Attack Proxy 1.4.0.1 Linux Release
Posted Apr 10, 2012
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.

Changes: Syntax highlighting, fuzzdb integration, parameter analysis, enhanced XSS scanner, a port of some watcher checks, pluggable extensions, and a load of bug fixes.
tags | tool, web, vulnerability
systems | linux, unix
SHA-256 | 3bd683f219f1a8e52a26eeb33d928851074609f5b42bca6c635ca3c707167d50
Xenotix KeylogX Keylogger For Firefox
Posted Feb 24, 2012
Authored by Ajin Abraham | Site xenotix.co.cc

Xenotix KeylogX is a keylogger add-on for Mozilla Firefox. It captures and logs keystrokes sent to the browser and you simply type alt-X to retrieve the data from the logfile.

tags | tool, web
SHA-256 | 67b0971f10df230d180133c5c89d059079a85c82d7ef454d272f3decf994a478
Dradis Information Sharing Tool 2.9.0
Posted Feb 3, 2012
Authored by etd | Site dradis.nomejortu.com

dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

Changes: This release added a Retina Network Security Scanner upload plugin and a Zed Attack Proxy upload plugin. The Nessus, Nikto, and Nmap upload plugins are now orders of magnitude faster. A VulnDB import plugin was added to support VulnDB HQ integration. The First Time User's Wizard was updated. Rails was upgraded to version 3.2.
tags | tool, web
systems | unix
SHA-256 | acd6962974b366615d52eda38b9efa9e28463c266a80b88cccc0bfb5f0026dea
OWASP Mantra Armada 0.81 Beta
Posted Dec 31, 2011
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

Changes: New add-ons have been added. The base itself has been upgraded. Galley integration has been added along with a better look and feel.
tags | tool, web
SHA-256 | 384cc6304a9f881aea8174598cb196a3476ff4511782032d9cc6022cb4240905
Pound Reverse HTTP Proxy 2.6
Posted Dec 29, 2011
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: Support for SNI via multiple Cert directives. A pre-defined number of threads for better performance on small hardware. Translation of hexadecimal characters in the URL for pattern matching. Support for a "Disabled" directive in the configuration. More detailed error logging. Allows multiple AddHeader directives.
tags | tool, web
systems | linux
SHA-256 | 0ad25e3652e22117abbc17a70b5d8913e05991318a5506bc7437e662616fdf21
WordPress AES-Edition 0.0.2
Posted Nov 25, 2011
Authored by Skraps | Site code.google.com

WordPress AES-Edition is a modified version of WordPress that implements use of AES.

tags | web
SHA-256 | e2f502cb8fdb0c59b98cba8ed87e9202bdbe753de19f273a5b7224c99090a74a
w3af Web Application Attack and Audit Framework 1.1
Posted Nov 10, 2011
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion, and much more.

Changes: Increased performance using gzip encoding, hundreds of bugs fixed, enhanced embedded bug report system added and more.
tags | tool, remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | 0bf3cec513931b9bf20e6f753dedeaab57b5cad303489ab9ff365786c04d9444
OWASP Mantra c0c0n 11 / AppSecLatam 11 0.71 Beta
Posted Oct 27, 2011
Site getmantra.com

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.

tags | tool, web
SHA-256 | 7ab4f46f7750e54e54d0f6721053ab9635778e313da8e2369ad9bfd717a28242
Dradis Information Sharing Tool 2.8.0
Posted Oct 11, 2011
Authored by etd | Site dradis.nomejortu.com

dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

Changes: This release has a cleaner three-column layout, smarter AJAX polling and auto-updating, a new version of the Nmap upload plugin, and a new version of the Nessus upload plugin. ./verify.sh now checks that libxml2 is installed.
tags | tool, web
systems | unix
SHA-256 | 8ada50ae477251e389b2c04f9f4cbd299647c98939664b86d46904985dd0c40c
Zed Attack Proxy (ZAP) 1.3.2
Posted Sep 28, 2011
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Linux releases are all included in this file.

Changes: Various updates and enhancements.
tags | web, vulnerability
systems | linux, windows, apple, osx
SHA-256 | 318b8a7ac7957abf70378a1b16c1e6d177b97355de8922a2a727da46027d793a
Language Pack For ZAP 1.3.2
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the language pack for Zed Attack Proxy (ZAP). Languages supported include English, Brazilian Portuguese, Chinese, Danish, French, German, Greek, Indonesian, Japanese, Polish, and Spanish.

tags | web
SHA-256 | 6183ff2dcbca1d90de8be214492f2c35ec55b93ada75f15714619cc720a1aaa9
Zed Attack Proxy (ZAP) Client API 0.1 Alpha
Posted Sep 27, 2011
Authored by Psiinon | Site owasp.org

This is the client API for the Zed Attack Proxy (ZAP).

tags | web
SHA-256 | 6d7cff323c60e89b38a9a849a33616a16931393cd68b4f5494c52abb8537b820
URLCrazy Domain Name Typo Tool 0.4
Posted Sep 15, 2011
Authored by Andrew Horton | Site morningstarsecurity.com

URLCrazy enables the study of domain name typos and URL hijacking. URLCrazy is a domain name typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: It now also supports bit flipped domains. URLCrazy is written in Ruby.
tags | tool, web
systems | unix
SHA-256 | 1508aab43633f915ded61710cf102778608f8c3ac34461c12982e8e8afa13a57
w3af Web Application Attack and Audit Framework 1.0
Posted May 25, 2011
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion, and much more.

Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.
tags | remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | 9aaa651e706fe0c4c2cff95879d614cdcb9791e5120cccc527fcb82922d76fc8
Dradis Information Sharing Tool 2.7.0
Posted Apr 20, 2011
Authored by etd | Site dradis.nomejortu.com

dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

Changes: This release has an improved command line API with Thor. A new Configuration Manager to handle all plugin config settings. A new Upload Manager that runs uploads in the background and updates the interface through AJAX. New plugins: Metasploit import; NeXpose (.xml) upload; OpenVAS (.xml) upload; SureCheck (.sc) upload; w3af (.xml) upload; and Web Exploitation Framework (wXf) upload. The Nessus plugin supports .nessus v2. Vuln::DB import has been updated to support the latest release. Bugs fixed: #2888332 and #2973256. Rails has been updated to 3.0.6.
tags | web
systems | unix
SHA-256 | c8c5c324156e7960e3faa20e6ef569ecc3d82808b161102ebb63052564e9d4ba
w3af Web Application Attack and Audit Framework 1.0 RC5
Posted Jan 19, 2011
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion, and much more.

Changes: Improvements include new vulnerability checks, more stable code and an approximate 15% performance boost in the overall speed of your scan.
tags | tool, remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | afdd6a37613b8f67cc991a864aeafc32f534399eb0c712a77d8422be363deb32
Zed Attack Proxy (ZAP) 1.1.0
Posted Dec 6, 2010
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.

Changes: OWASP rebranding, Brute Force scanner c/o the OWASP DirBuster project, Port scanner, Active scan tab, and more.
tags | web, vulnerability
systems | linux, windows, apple, osx
SHA-256 | 0142ba35e4b28b85e2e94843a844834439d3f4151a2dec3f69755b3def89d455
w3af Web Application Attack and Audit Framework 1.0 RC4
Posted Nov 3, 2010
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion, and much more.

Changes: Improvements of the GUI and more.
tags | remote, web, local, xss, sql injection, python, file inclusion
SHA-256 | e36997741f1b457a6eefa1e1c8454ef87e0d9023592db876a6c300d82d468b24
Zed Attack Proxy (ZAP) 1.0.0
Posted Oct 5, 2010
Authored by Psiinon | Site owasp.org

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X, Windows and Cross Platform releases are all included in this file.

tags | web, vulnerability
systems | windows, apple, osx
SHA-256 | 91e84d4d8c33fdbfa8e41f39c4f82e45db20959792a1fa9ddfe0c442f33bb47e
iExploder 1.7.2
Posted Sep 21, 2010
Authored by Thomas Stromberg | Site code.google.com

iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of web browsers. Available as a standalone webserver or CGI script, it continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days, until the browser crashes. namebench was initially written as a QA tool for the Mozilla Project to test the Firefox 1.0 release, and is now included and used by Apple's WebKit project.

Changes: This release adds a second redirect for confirming crash conditions in order to duplicate page transition crashes. It fixes a bug that broke subtest isolation when running tests in random order.
tags | web, cgi
systems | apple
SHA-256 | b4ef8f5c26215580696167fa50ab9b0e33fb7b37c37004c226ce14cf7b13e4fa
© 2022 Packet Storm. All rights reserved.