JaPCrypt stands for Javascript and PHP Encryption. It is a PHP/JavaScript suite that allows data encryption over HTTP.
96ba103d25f01e3d3c3d1a105d6cf5244df6bf93d4e42122e8a5d08c1b8e06ffA simple utility to thoroughly validate DOM, XMLHttpRequest, and cookie security restriction handling in modern web browsers. Notable features include exhaustive hierarchy crawling, cross-domain IPC system for blind write verification, page transition checks, and more.
3193283a884cf29dab7eb6c658285fc4ab255c371456911b95b7541483b34432httprecon is an advanced web server fingerprinting tool that makes use of nine test cases when mapping the target service. Source release.
91f9586eb1d62dde8af49f5b3147bb53e12765f765715a3cee066448fe4917f1httprecon is an advanced web server fingerprinting tool that makes use of nine test cases when mapping the target service. Win32 binary release.
9cd458eff1ac5c4bfc1d2f1bc04c68bfa192fbc60705474af3aa7bbb0acd7305cookietools is comprised of three pieces. First, the cookiesniffer, which is a simple and powerful cookie sniffer that recognizes (through heuristics) and reconstructs (through libnids) new and existing HTTP connections, parsing any valid or partially valid HTTP message. The output is a set of files containing the gathered information with time-stamps in a format that can be trivially searched and parsed with standard UNIX tools such as grep, awk, cut and sed. It supports wireless (AP_DLT_IEEE802_11) networks. Second, there is a set of bash scripts that are used to quickly analyze the logs of cookiesniffer. In addition to this, there is the cookieserver that allows you to impersonate the cookies of someone else in your browser using the logs of cookiesniffer. This attack is also called "side-jacking", "cookie replay attack" and "HTTP session hijacking".
57cd19528911100ce510569166711f4c2c78f9296973227eebf715cfa948c68bSQL-Me is a Firefox Add-on tool that was designed to help test for SQL injection vulnerabilities in a given system.
6ce4a02bbb85a9c6c406b35e8f83efda006409c70e3a0585b9b57e72bfa25027XSS-Me is a Firefox Add-on tool that was designed to help test for cross site scripting vulnerabilities in a given system.
6b9eae1b5cc54430f5eba46d847367a742d51ef3f9b20e6c935d8f20998d0138SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Some features include predefined attack patterns, highly customizable attacks, semi-automated cross site scripting checks, and more.
ed7bcff3fefd34be99edafb8554813713aebb26330bb5743201776c9eff34d1estproxy is small and simple single-threaded HTTP/SSL proxy server released under the GNU General Public License (GPL). stproxy uses as little resources as possible, while still being very fast and efficient.
502c1cf67367a493af1d9d9ddce76442a9f3bb04215820ed5f86d54ddded2a1bSusanoo is a simple editor written for Konqueror browser that allows for manipulation of cookies.
97526b4b62ddc620bc9c854a2a10d2537201c7f9b4b7210b9616072b62cd1c7bw3af, is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in python. Each plugin will add a functionality like cross site scripting detection or SQL injection exploitation.
67d891aa6500e7df47db2f09f38d9e2c51954964e0f2cf5cf740433665379e95stproxy is small and simple single-threaded HTTP/SSL proxy server released under the GNU General Public License (GPL). stproxy uses as little resources as possible, while still being very fast and efficient.
fe85a1ca11d02b59fb84092f78c148eca26f2675472f09b9aa513321a4b0e469Fast HTTP Auth Scanner is a new web security scanner for Windows that allows brute-force attacks against web based devices that require HTTP authentication. Source and binary included.
6fdc2f841cacc72e9f514e6f59a51e63dafb283ee4928442ee10a184d4887dfbw3af, is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in python. Each plugin will add a functionality like cross site scripting detection or SQL injection exploitation.
4ae9586fc7aee75177c4c2701c8d94098691362cb60cee45a98b6e8a184d7ce1FG-Injector is a tool that leverages the pentester's work by facilitating the exploitation of SQL Injection vulnerabilities. It includes a a powerful proxy feature for intercepting and modifying HTTP requests, a network spy module to allow the analyst view HTTP requests and their corresponding responses and an inference engine for automating SQL injection exploitation. The Inference Engine Module of the FG-Injector Framework automates the generation and injection of SQL statements needed for exploitation of a Blind SQL Injection. This module will work also for regular injections using the same method. It can produce blind injections on web/app servers using MS SQL Server, MySQL, and PostgresSql DBMSs.
74b3c38d6f2099312260d15315e3efffa0931c01dbf652273a76ad062166cd72Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
2aec3da07856ca2b53b834bdba8a820a130854e02426de41d8eabcf6c4c11606FireCat is a new Firefox Framework Map collection of the most useful security oriented extensions. It stands for FireFox Catalog of Auditing Toolbox. Included is a zip file of the extensions and a pdf that provides a diagram of everything included.
aca465934c0da88a77a3ac6cae3d2b74a86b5147c81b1dbe7dbef16a00a55f00Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
fd37d64f7ffe193101da20f6e6e2016105de62948f3976aceaa96f636606fe74Mod_evasive is a module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive reports abuses via email and syslog facilities. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from requesting the same page more than a few times per second or making more than 50 requests with the same child per second.
07c45139aa313899484a900f0fc162b3e17eb4f60fe474d7f3dd6c9941e95667Stompy is a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem.
dcd57db394e72ee795957f83e0d04d93a1be556851e9863fb99cda714b1c58dePound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
316545c126f11be95deab5fb60d6a26e1aa644f9a8b5972219062ce6521e1491Refspoof acts like a proxy server and is able to spoof your HTTP referrer and user-agent. This comes in handy to bypass certain authentication mechanisms or user-agent limitations for some download managers.
462eb0a9eca7d32154fd32846ca63fb75e1f3e01df8a7c208d4a14265c2e4f38googlegath is a free open source utility to obtain informations through Google searches. It could be useful for penetration testing, security scanning, etc. googlegath has been tested on GNU/Linux, *BSD systems.
e754e380fcd9e0ba64eeb22cf691c7a8ed0da8b395cb718921623b3649666ab1OWASP Pantera Web Assessment Studio (WAS) is a mix between a pentest proxy, an application scanner and an intelligence analysis framework. Pantera leaves the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. It has been designed by professionals with many years of experience in the application security industry to offer users the necessary features required for them to create secure code. Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine.
6b6f0f945f6969baff990576f81c26d86854929c43d50efce784a2d9273952a8Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
622c3478515c951189334aa9a60ae7e71dfbbc671d983bf2f4b732a5fdd230a1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed