JaPCrypt stands for Javascript and PHP Encryption. It is a PHP/JavaScript suite that allows data encryption over HTTP.
96ba103d25f01e3d3c3d1a105d6cf5244df6bf93d4e42122e8a5d08c1b8e06ff
A simple utility to thoroughly validate DOM, XMLHttpRequest, and cookie security restriction handling in modern web browsers. Notable features include exhaustive hierarchy crawling, cross-domain IPC system for blind write verification, page transition checks, and more.
3193283a884cf29dab7eb6c658285fc4ab255c371456911b95b7541483b34432
httprecon is an advanced web server fingerprinting tool that makes use of nine test cases when mapping the target service. Source release.
91f9586eb1d62dde8af49f5b3147bb53e12765f765715a3cee066448fe4917f1
httprecon is an advanced web server fingerprinting tool that makes use of nine test cases when mapping the target service. Win32 binary release.
9cd458eff1ac5c4bfc1d2f1bc04c68bfa192fbc60705474af3aa7bbb0acd7305
cookietools is comprised of three pieces. First, the cookiesniffer, which is a simple and powerful cookie sniffer that recognizes (through heuristics) and reconstructs (through libnids) new and existing HTTP connections, parsing any valid or partially valid HTTP message. The output is a set of files containing the gathered information with time-stamps in a format that can be trivially searched and parsed with standard UNIX tools such as grep, awk, cut and sed. It supports wireless (AP_DLT_IEEE802_11) networks. Second, there is a set of bash scripts that are used to quickly analyze the logs of cookiesniffer. In addition to this, there is the cookieserver that allows you to impersonate the cookies of someone else in your browser using the logs of cookiesniffer. This attack is also called "side-jacking", "cookie replay attack" and "HTTP session hijacking".
57cd19528911100ce510569166711f4c2c78f9296973227eebf715cfa948c68b
SQL-Me is a Firefox Add-on tool that was designed to help test for SQL injection vulnerabilities in a given system.
6ce4a02bbb85a9c6c406b35e8f83efda006409c70e3a0585b9b57e72bfa25027
XSS-Me is a Firefox Add-on tool that was designed to help test for cross site scripting vulnerabilities in a given system.
6b9eae1b5cc54430f5eba46d847367a742d51ef3f9b20e6c935d8f20998d0138
SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Some features include predefined attack patterns, highly customizable attacks, semi-automated cross site scripting checks, and more.
ed7bcff3fefd34be99edafb8554813713aebb26330bb5743201776c9eff34d1e
stproxy is a small and simple single-threaded HTTP/SSL proxy server released under the GNU General Public License (GPL). stproxy uses as few resources as possible, while still being very fast and efficient.
502c1cf67367a493af1d9d9ddce76442a9f3bb04215820ed5f86d54ddded2a1b
Susanoo is a simple editor written for the Konqueror browser that allows for manipulation of cookies.
97526b4b62ddc620bc9c854a2a10d2537201c7f9b4b7210b9616072b62cd1c7b
w3af is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in Python. Each plugin adds a piece of functionality, such as cross site scripting detection or SQL injection exploitation.
67d891aa6500e7df47db2f09f38d9e2c51954964e0f2cf5cf740433665379e95
stproxy is a small and simple single-threaded HTTP/SSL proxy server released under the GNU General Public License (GPL). stproxy uses as few resources as possible, while still being very fast and efficient.
fe85a1ca11d02b59fb84092f78c148eca26f2675472f09b9aa513321a4b0e469
Fast HTTP Auth Scanner is a new web security scanner for Windows that allows brute-force attacks against web based devices that require HTTP authentication. Source and binary included.
6fdc2f841cacc72e9f514e6f59a51e63dafb283ee4928442ee10a184d4887dfb
w3af is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in Python. Each plugin adds a piece of functionality, such as cross site scripting detection or SQL injection exploitation.
4ae9586fc7aee75177c4c2701c8d94098691362cb60cee45a98b6e8a184d7ce1
FG-Injector is a tool that leverages the pentester's work by facilitating the exploitation of SQL Injection vulnerabilities. It includes a powerful proxy feature for intercepting and modifying HTTP requests, a network spy module to allow the analyst to view HTTP requests and their corresponding responses, and an inference engine for automating SQL injection exploitation. The Inference Engine Module of the FG-Injector Framework automates the generation and injection of SQL statements needed for exploitation of a Blind SQL Injection. This module also works for regular injections using the same method. It can produce blind injections on web/app servers using MS SQL Server, MySQL, and PostgreSQL DBMSs.
74b3c38d6f2099312260d15315e3efffa0931c01dbf652273a76ad062166cd72
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
2aec3da07856ca2b53b834bdba8a820a130854e02426de41d8eabcf6c4c11606
FireCat is a new Firefox Framework Map collection of the most useful security oriented extensions. It stands for FireFox Catalog of Auditing Toolbox. Included is a zip file of the extensions and a PDF that provides a diagram of everything included.
aca465934c0da88a77a3ac6cae3d2b74a86b5147c81b1dbe7dbef16a00a55f00
Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
fd37d64f7ffe193101da20f6e6e2016105de62948f3976aceaa96f636606fe74
Mod_evasive is a module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive reports abuses via email and syslog facilities. Detection is performed by creating an internal dynamic hash table of IP addresses and URIs, and denying any single IP address from requesting the same page more than a few times per second or making more than 50 requests with the same child per second.
07c45139aa313899484a900f0fc162b3e17eb4f60fe474d7f3dd6c9941e95667
Stompy is a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem.
dcd57db394e72ee795957f83e0d04d93a1be556851e9863fb99cda714b1c58de
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
316545c126f11be95deab5fb60d6a26e1aa644f9a8b5972219062ce6521e1491
Refspoof acts like a proxy server and is able to spoof your HTTP referrer and user-agent. This comes in handy to bypass certain authentication mechanisms or user-agent limitations for some download managers.
462eb0a9eca7d32154fd32846ca63fb75e1f3e01df8a7c208d4a14265c2e4f38
googlegath is a free open source utility to obtain information through Google searches. It could be useful for penetration testing, security scanning, etc. googlegath has been tested on GNU/Linux and *BSD systems.
e754e380fcd9e0ba64eeb22cf691c7a8ed0da8b395cb718921623b3649666ab1
OWASP Pantera Web Assessment Studio (WAS) is a mix between a pentest proxy, an application scanner and an intelligence analysis framework. Pantera leaves the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. It has been designed by professionals with many years of experience in the application security industry to offer users the necessary features required for them to create secure code. Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine.
6b6f0f945f6969baff990576f81c26d86854929c43d50efce784a2d9273952a8
Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.
622c3478515c951189334aa9a60ae7e71dfbbc671d983bf2f4b732a5fdd230a1