<h2><span class="mw-headline">LiveCDs</span></h2>
<p>AOC_Labrat-ALPHA-0010.iso (listed Monday, January 29, 2007 4:02 PM, size 828569600) - <a class="external free" title="http://www.packetfocus.com/hackos/" rel="nofollow" href="http://www.packetfocus.com/hackos/">http://www.packetfocus.com/hackos/</a><br>DVL (Damn Vulnerable Linux) - <a class="external free" title="http://www.damnvulnerablelinux.org/" rel="nofollow" href="http://www.damnvulnerablelinux.org/">http://www.damnvulnerablelinux.org/</a></p>
<p><a name="Test_sites_.2F_testing_grounds"></a></p>
<h2><span class="mw-headline">Test sites / testing grounds</span></h2>
<p>SPI Dynamics (live) - <a class="external free" title="http://zero.webappsecurity.com/" rel="nofollow" href="http://zero.webappsecurity.com/">http://zero.webappsecurity.com/</a><br>Cenzic (live) - <a class="external free" title="http://crackme.cenzic.com/" rel="nofollow" href="http://crackme.cenzic.com/">http://crackme.cenzic.com/</a><br>Watchfire (live) - <a class="external free" title="http://demo.testfire.net/" rel="nofollow" href="http://demo.testfire.net/">http://demo.testfire.net/</a><br>Acunetix (live) - <a class="external free" title="http://testphp.acunetix.com/" rel="nofollow" href="http://testphp.acunetix.com/">http://testphp.acunetix.com/</a> <a class="external free" title="http://testasp.acunetix.com" rel="nofollow" href="http://testasp.acunetix.com/">http://testasp.acunetix.com</a> <a class="external free" title="http://testaspnet.acunetix.com" rel="nofollow" href="http://testaspnet.acunetix.com/">http://testaspnet.acunetix.com</a><br>WebMaven / Buggy Bank - <a class="external free" title="http://www.mavensecurity.com/webmaven" rel="nofollow" href="http://www.mavensecurity.com/webmaven">http://www.mavensecurity.com/webmaven</a><br>Foundstone SASS tools - <a class="external free" title="http://www.foundstone.com/us/resources-free-tools.asp" rel="nofollow" href="http://www.foundstone.com/us/resources-free-tools.asp">http://www.foundstone.com/us/resources-free-tools.asp</a><br>Updated HackmeBank - <a class="external free" title="http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html" rel="nofollow" href="http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html">http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html</a><br>OWASP WebGoat - <a class="external free" title="http://www.owasp.org/index.php/OWASP_WebGoat_Project" rel="nofollow" href="http://www.owasp.org/index.php/OWASP_WebGoat_Project">http://www.owasp.org/index.php/OWASP_WebGoat_Project</a><br>OWASP 
SiteGenerator - <a class="external free" title="http://www.owasp.org/index.php/Owasp_SiteGenerator" rel="nofollow" href="http://www.owasp.org/index.php/Owasp_SiteGenerator">http://www.owasp.org/index.php/Owasp_SiteGenerator</a><br>Stanford SecuriBench - <a class="external free" title="http://suif.stanford.edu/~livshits/securibench/" rel="nofollow" href="http://suif.stanford.edu/~livshits/securibench/">http://suif.stanford.edu/~livshits/securibench/</a><br>SecuriBench Micro - <a class="external free" title="http://suif.stanford.edu/~livshits/work/securibench-micro/" rel="nofollow" href="http://suif.stanford.edu/~livshits/work/securibench-micro/">http://suif.stanford.edu/~livshits/work/securibench-micro/</a></p>
<p><a name="HTTP_proxying_.2F_editing"></a></p>
<h2><span class="mw-headline">HTTP proxying / editing</span></h2>
<p>WebScarab - <a class="external free" title="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project" rel="nofollow" href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project</a><br>Burp - <a class="external free" title="http://www.portswigger.net/" rel="nofollow" href="http://www.portswigger.net/">http://www.portswigger.net/</a><br>Paros - <a class="external free" title="http://www.parosproxy.org/" rel="nofollow" href="http://www.parosproxy.org/">http://www.parosproxy.org/</a><br>Fiddler - <a class="external free" title="http://www.fiddlertool.com/" rel="nofollow" href="http://www.fiddlertool.com/">http://www.fiddlertool.com/</a><br>Web Proxy Editor - <a class="external free" title="http://www.microsoft.com/mspress/companion/0-7356-2187-X/" rel="nofollow" href="http://www.microsoft.com/mspress/companion/0-7356-2187-X/">http://www.microsoft.com/mspress/companion/0-7356-2187-X/</a><br>Pantera - <a class="external free" title="http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project" rel="nofollow" href="http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project">http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project</a><br>Suru - <a class="external free" title="http://www.sensepost.com/research/suru/" rel="nofollow" href="http://www.sensepost.com/research/suru/">http://www.sensepost.com/research/suru/</a><br>httpedit (curses-based) - <a class="external free" title="http://www.neutralbit.com/en/rd/httpedit/" rel="nofollow" href="http://www.neutralbit.com/en/rd/httpedit/">http://www.neutralbit.com/en/rd/httpedit/</a><br>Charles - <a class="external free" title="http://www.xk72.com/charles/" rel="nofollow" href="http://www.xk72.com/charles/">http://www.xk72.com/charles/</a><br>Odysseus - <a class="external free" title="http://www.bindshell.net/tools/odysseus" rel="nofollow" 
href="http://www.bindshell.net/tools/odysseus">http://www.bindshell.net/tools/odysseus</a><br>Burp, Paros, and WebScarab for Mac OS X - <a class="external free" title="http://www.corsaire.com/downloads/" rel="nofollow" href="http://www.corsaire.com/downloads/">http://www.corsaire.com/downloads/</a><br>Web-application scanning tool from `Network Security Tools'/O'Reilly - <a class="external free" title="http://examples.oreilly.com/networkst/" rel="nofollow" href="http://examples.oreilly.com/networkst/">http://examples.oreilly.com/networkst/</a><br>JS Commander - <a class="external free" title="http://jscmd.rubyforge.org/" rel="nofollow" href="http://jscmd.rubyforge.org/">http://jscmd.rubyforge.org/</a><br>Ratproxy - <a class="external free" title="http://code.google.com/p/ratproxy/" rel="nofollow" href="http://code.google.com/p/ratproxy/">http://code.google.com/p/ratproxy/</a></p>
<p><a name="RSnake.27s_XSS_cheat_sheet_based-tools.2C_webapp_fuzzing.2C_and_encoding_tools"></a></p>
<h2><span class="mw-headline">RSnake's XSS cheat sheet-based tools, webapp fuzzing, and encoding tools</span></h2>
<p>Wfuzz - <a class="external free" title="http://www.edge-security.com/wfuzz.php" rel="nofollow" href="http://www.edge-security.com/wfuzz.php">http://www.edge-security.com/wfuzz.php</a><br>ProxMon - <a class="external free" title="http://www.isecpartners.com/proxmon.html" rel="nofollow" href="http://www.isecpartners.com/proxmon.html">http://www.isecpartners.com/proxmon.html</a><br>Wapiti - <a class="external free" title="http://wapiti.sourceforge.net/" rel="nofollow" href="http://wapiti.sourceforge.net/">http://wapiti.sourceforge.net/</a><br>Grabber - <a class="external free" title="http://rgaucher.info/beta/grabber/" rel="nofollow" href="http://rgaucher.info/beta/grabber/">http://rgaucher.info/beta/grabber/</a><br>XSSScan - <a class="external free" title="http://darkcode.ath.cx/scanners/XSSscan.py" rel="nofollow" href="http://darkcode.ath.cx/scanners/XSSscan.py">http://darkcode.ath.cx/scanners/XSSscan.py</a><br>CAL9000 - <a class="external free" title="http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project" rel="nofollow" href="http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project">http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project</a><br>HTMangLe - <a class="external free" title="http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm" rel="nofollow" href="http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm">http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm</a><br>JBroFuzz - <a class="external free" title="http://sourceforge.net/projects/jbrofuzz" rel="nofollow" href="http://sourceforge.net/projects/jbrofuzz">http://sourceforge.net/projects/jbrofuzz</a><br>XSSFuzz - <a class="external free" title="http://ha.ckers.org/blog/20060921/xssfuzz-released/" rel="nofollow" href="http://ha.ckers.org/blog/20060921/xssfuzz-released/">http://ha.ckers.org/blog/20060921/xssfuzz-released/</a><br>WhiteAcid's XSS Assistant - <a class="external free" title="http://www.whiteacid.org/greasemonkey/" rel="nofollow" 
href="http://www.whiteacid.org/greasemonkey/">http://www.whiteacid.org/greasemonkey/</a><br>Overlong UTF - <a class="external free" title="http://www.microsoft.com/mspress/companion/0-7356-2187-X/" rel="nofollow" href="http://www.microsoft.com/mspress/companion/0-7356-2187-X/">http://www.microsoft.com/mspress/companion/0-7356-2187-X/</a><br>[TGZ] MielieTool (SensePost Research) - <a class="external free" title="http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz" rel="nofollow" href="http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz">http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz</a><br>RegFuzzer: test your regular expression filter - <a class="external free" title="http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter" rel="nofollow" href="http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter">http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter</a><br>screamingCobra - <a class="external free" title="http://www.dachb0den.com/projects/screamingcobra.html" rel="nofollow" href="http://www.dachb0den.com/projects/screamingcobra.html">http://www.dachb0den.com/projects/screamingcobra.html</a><br>SPIKE and SPIKE Proxy - <a class="external free" title="http://immunitysec.com/resources-freesoftware.shtml" rel="nofollow" href="http://immunitysec.com/resources-freesoftware.shtml">http://immunitysec.com/resources-freesoftware.shtml</a><br>RFuzz - <a class="external free" title="http://rfuzz.rubyforge.org/" rel="nofollow" href="http://rfuzz.rubyforge.org/">http://rfuzz.rubyforge.org/</a><br>WebFuzz - <a class="external free" title="http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999" rel="nofollow" 
href="http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999">http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999</a><br>TestMaker - <a class="external free" title="http://www.pushtotest.com/Docs/downloads/features.html" rel="nofollow" href="http://www.pushtotest.com/Docs/downloads/features.html">http://www.pushtotest.com/Docs/downloads/features.html</a><br>ASP Auditor - <a class="external free" title="http://michaeldaw.org/projects/asp-auditor-v2/" rel="nofollow" href="http://michaeldaw.org/projects/asp-auditor-v2/">http://michaeldaw.org/projects/asp-auditor-v2/</a><br>WSTool - <a class="external free" title="http://wstool.sourceforge.net/" rel="nofollow" href="http://wstool.sourceforge.net/">http://wstool.sourceforge.net/</a><br>Web Hack Control Center (WHCC) - <a class="external free" title="http://ussysadmin.com/whcc/" rel="nofollow" href="http://ussysadmin.com/whcc/">http://ussysadmin.com/whcc/</a><br>Web Text Converter - <a class="external free" title="http://www.microsoft.com/mspress/companion/0-7356-2187-X/" rel="nofollow" href="http://www.microsoft.com/mspress/companion/0-7356-2187-X/">http://www.microsoft.com/mspress/companion/0-7356-2187-X/</a><br>HackBar (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/firefox/3899/" rel="nofollow" href="https://addons.mozilla.org/firefox/3899/">https://addons.mozilla.org/firefox/3899/</a><br>Net-Force Tools (NF-Tools, Firefox Add-on) - <a class="external free" title="http://www.net-force.nl/library/downloads/" rel="nofollow" href="http://www.net-force.nl/library/downloads/">http://www.net-force.nl/library/downloads/</a><br>PostIntercepter (Greasemonkey script) - <a class="external free" title="http://userscripts.org/scripts/show/743" rel="nofollow" href="http://userscripts.org/scripts/show/743">http://userscripts.org/scripts/show/743</a></p>
<p><a name="HTTP_general_testing_.2F_fingerprinting"></a></p>
<h2><span class="mw-headline">HTTP general testing / fingerprinting</span></h2>
<p>Wbox: HTTP testing tool - <a class="external free" title="http://hping.org/wbox/" rel="nofollow" href="http://hping.org/wbox/">http://hping.org/wbox/</a><br>ht://Check - <a class="external free" title="http://htcheck.sourceforge.net/" rel="nofollow" href="http://htcheck.sourceforge.net/">http://htcheck.sourceforge.net/</a><br>Mumsie - <a class="external free" title="http://www.lurhq.com/tools/mumsie.html" rel="nofollow" href="http://www.lurhq.com/tools/mumsie.html">http://www.lurhq.com/tools/mumsie.html</a><br>WebInject - <a class="external free" title="http://www.webinject.org/" rel="nofollow" href="http://www.webinject.org/">http://www.webinject.org/</a><br>Torture.pl Home Page - <a class="external free" title="http://stein.cshl.org/~lstein/torture/" rel="nofollow" href="http://stein.cshl.org/~lstein/torture/">http://stein.cshl.org/~lstein/torture/</a><br>JoeDog's Siege - <a class="external free" title="http://www.joedog.org/JoeDog/Siege/" rel="nofollow" href="http://www.joedog.org/JoeDog/Siege/">http://www.joedog.org/JoeDog/Siege/</a><br>OPEN-LABS: metoscan (HTTP method testing) - <a class="external free" title="http://www.open-labs.org/" rel="nofollow" href="http://www.open-labs.org/">http://www.open-labs.org/</a><br>Load-balancing detector - <a class="external free" title="http://ge.mine.nu/lbd.html" rel="nofollow" href="http://ge.mine.nu/lbd.html">http://ge.mine.nu/lbd.html</a><br>HMAP - <a class="external free" title="http://ujeni.murkyroc.com/hmap/" rel="nofollow" href="http://ujeni.murkyroc.com/hmap/">http://ujeni.murkyroc.com/hmap/</a><br>Net-Square: httprint - <a class="external free" title="http://net-square.com/httprint/" rel="nofollow" href="http://net-square.com/httprint/">http://net-square.com/httprint/</a><br>Wpoison: HTTP stress testing - <a class="external free" title="http://wpoison.sourceforge.net/" rel="nofollow" href="http://wpoison.sourceforge.net/">http://wpoison.sourceforge.net/</a><br>Net-Square: MSNPawn - <a class="external free" 
title="http://net-square.com/msnpawn/index.shtml" rel="nofollow" href="http://net-square.com/msnpawn/index.shtml">http://net-square.com/msnpawn/index.shtml</a><br>hcraft: HTTP Vuln Request Crafter - <a class="external free" title="http://druid.caughq.org/projects/hcraft/" rel="nofollow" href="http://druid.caughq.org/projects/hcraft/">http://druid.caughq.org/projects/hcraft/</a><br>rfp.labs: LibWhisker - <a class="external free" title="http://www.wiretrip.net/rfp/lw.asp" rel="nofollow" href="http://www.wiretrip.net/rfp/lw.asp">http://www.wiretrip.net/rfp/lw.asp</a><br>Nikto - <a class="external free" title="http://www.cirt.net/code/nikto.shtml" rel="nofollow" href="http://www.cirt.net/code/nikto.shtml">http://www.cirt.net/code/nikto.shtml</a><br>twill - <a class="external free" title="http://twill.idyll.org/" rel="nofollow" href="http://twill.idyll.org/">http://twill.idyll.org/</a><br>DirBuster - <a class="external free" title="http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project" rel="nofollow" href="http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project">http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project</a><br>[ZIP] DFF Scanner - <a class="external free" title="http://security-net.biz/files/dff/DFF.zip" rel="nofollow" href="http://security-net.biz/files/dff/DFF.zip">http://security-net.biz/files/dff/DFF.zip</a><br>[ZIP] The Elza project - <a class="external free" title="http://packetstormsecurity.org/web/elza-1.4.7-beta.zip" rel="nofollow" href="http://packetstormsecurity.org/web/elza-1.4.7-beta.zip">http://packetstormsecurity.org/web/elza-1.4.7-beta.zip</a> <a class="external free" title="http://www.stoev.org/elza.html" rel="nofollow" href="http://www.stoev.org/elza.html">http://www.stoev.org/elza.html</a><br>HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled - <a class="external free" title="http://sf.net/projects/hackfox" rel="nofollow" 
href="http://sf.net/projects/hackfox">http://sf.net/projects/hackfox</a> </p>
<p><a name="Browser-based_HTTP_tampering_.2F_editing_.2F_replaying"></a></p>
<h2><span class="mw-headline">Browser-based HTTP tampering / editing / replaying</span></h2>
<p>TamperIE - <a class="external free" title="http://www.bayden.com/Other/" rel="nofollow" href="http://www.bayden.com/Other/">http://www.bayden.com/Other/</a><br>isr-form - <a class="external free" title="http://www.infobyte.com.ar/developments.html" rel="nofollow" href="http://www.infobyte.com.ar/developments.html">http://www.infobyte.com.ar/developments.html</a><br>Modify Headers (Firefox Add-on) - <a class="external free" title="http://modifyheaders.mozdev.org/" rel="nofollow" href="http://modifyheaders.mozdev.org/">http://modifyheaders.mozdev.org/</a><br>Tamper Data (Firefox Add-on) - <a class="external free" title="http://tamperdata.mozdev.org/" rel="nofollow" href="http://tamperdata.mozdev.org/">http://tamperdata.mozdev.org/</a><br>UrlParams (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1290/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1290/">https://addons.mozilla.org/en-US/firefox/addon/1290/</a><br>TestGen4Web (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1385/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1385/">https://addons.mozilla.org/en-US/firefox/addon/1385/</a><br>DOM Inspector / Inspect This (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1806/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1806/">https://addons.mozilla.org/en-US/firefox/addon/1806/</a> <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1913/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1913/">https://addons.mozilla.org/en-US/firefox/addon/1913/</a><br>LiveHTTPHeaders / Header Monitor (Firefox Add-on) - <a class="external free" title="http://livehttpheaders.mozdev.org/" rel="nofollow" href="http://livehttpheaders.mozdev.org/">http://livehttpheaders.mozdev.org/</a> <a class="external free" 
title="https://addons.mozilla.org/en-US/firefox/addon/575/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/575/">https://addons.mozilla.org/en-US/firefox/addon/575/</a></p>
<p><a name="Cookie_editing_.2F_poisoning"></a></p>
<h2><span class="mw-headline">Cookie editing / poisoning</span></h2>
<p>[TGZ] stompy: session id tool - <a class="external free" title="http://lcamtuf.coredump.cx/stompy.tgz" rel="nofollow" href="http://lcamtuf.coredump.cx/stompy.tgz">http://lcamtuf.coredump.cx/stompy.tgz</a><br>Add'N Edit Cookies (AnEC, Firefox Add-on) - <a class="external free" title="http://addneditcookies.mozdev.org/" rel="nofollow" href="http://addneditcookies.mozdev.org/">http://addneditcookies.mozdev.org/</a><br>CookieCuller (Firefox Add-on) - <a class="external free" title="http://cookieculler.mozdev.org/" rel="nofollow" href="http://cookieculler.mozdev.org/">http://cookieculler.mozdev.org/</a><br>CookiePie (Firefox Add-on) - <a class="external free" title="http://www.nektra.com/oss/firefox/extensions/cookiepie/" rel="nofollow" href="http://www.nektra.com/oss/firefox/extensions/cookiepie/">http://www.nektra.com/oss/firefox/extensions/cookiepie/</a><br>CookieSpy - <a class="external free" title="http://www.codeproject.com/shell/cookiespy.asp" rel="nofollow" href="http://www.codeproject.com/shell/cookiespy.asp">http://www.codeproject.com/shell/cookiespy.asp</a><br>Cookies Explorer - <a class="external free" title="http://www.dutchduck.com/Features/Cookies.aspx" rel="nofollow" href="http://www.dutchduck.com/Features/Cookies.aspx">http://www.dutchduck.com/Features/Cookies.aspx</a></p>
<p><a name="Ajax_and_XHR_scanning"></a></p>
<h2><span class="mw-headline">Ajax and XHR scanning</span></h2>
<p>Sahi - <a class="external free" title="http://sahi.co.in/" rel="nofollow" href="http://sahi.co.in/">http://sahi.co.in/</a><br>scRUBYt - <a class="external free" title="http://scrubyt.org/" rel="nofollow" href="http://scrubyt.org/">http://scrubyt.org/</a><br>jQuery - <a class="external free" title="http://jquery.com/" rel="nofollow" href="http://jquery.com/">http://jquery.com/</a><br>jquery-include - <a class="external free" title="http://www.gnucitizen.org/projects/jquery-include" rel="nofollow" href="http://www.gnucitizen.org/projects/jquery-include">http://www.gnucitizen.org/projects/jquery-include</a><br>Sprajax - <a class="external free" title="http://www.denimgroup.com/sprajax.html" rel="nofollow" href="http://www.denimgroup.com/sprajax.html">http://www.denimgroup.com/sprajax.html</a><br>Watir - <a class="external free" title="http://wtr.rubyforge.org/" rel="nofollow" href="http://wtr.rubyforge.org/">http://wtr.rubyforge.org/</a><br>Watij - <a class="external free" title="http://watij.com/" rel="nofollow" href="http://watij.com/">http://watij.com/</a><br>Watin - <a class="external free" title="http://watin.sourceforge.net/" rel="nofollow" href="http://watin.sourceforge.net/">http://watin.sourceforge.net/</a><br>RBNarcissus - <a class="external free" title="http://idontsmoke.co.uk/2005/rbnarcissus/" rel="nofollow" href="http://idontsmoke.co.uk/2005/rbnarcissus/">http://idontsmoke.co.uk/2005/rbnarcissus/</a><br>SpiderTest (Spider Fuzz plugin) - <a class="external free" title="http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin" rel="nofollow" href="http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin">http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin</a><br>Javascript Inline Debugger (jasildbg) - <a class="external free" title="http://jasildbg.googlepages.com/" rel="nofollow" href="http://jasildbg.googlepages.com/">http://jasildbg.googlepages.com/</a><br>Firebug Lite - <a class="external free" 
title="http://www.getfirebug.com/lite.html" rel="nofollow" href="http://www.getfirebug.com/lite.html">http://www.getfirebug.com/lite.html</a><br>FireWatir - <a class="external free" title="http://code.google.com/p/firewatir/" rel="nofollow" href="http://code.google.com/p/firewatir/">http://code.google.com/p/firewatir/</a></p>
<p><a name="RSS_extensions_and_caching"></a></p>
<h2><span class="mw-headline">RSS extensions and caching</span></h2>
<p>LiveLines (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/324/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/324/">https://addons.mozilla.org/en-US/firefox/addon/324/</a><br>rss-cache - <a class="external free" title="http://www.dubfire.net/chris/projects/rss-cache/" rel="nofollow" href="http://www.dubfire.net/chris/projects/rss-cache/">http://www.dubfire.net/chris/projects/rss-cache/</a></p>
<p><a name="SQL_injection_scanning"></a></p>
<h2><span class="mw-headline">SQL injection scanning</span></h2>
<p>0x90.org: home of Absinthe, Mezcal, etc. - <a class="external free" title="http://0x90.org/releases.php" rel="nofollow" href="http://0x90.org/releases.php">http://0x90.org/releases.php</a><br>SQLiX - <a class="external free" title="http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project" rel="nofollow" href="http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project">http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project</a><br>sqlninja: a SQL Server injection and takeover tool - <a class="external free" title="http://sqlninja.sourceforge.net/" rel="nofollow" href="http://sqlninja.sourceforge.net/">http://sqlninja.sourceforge.net/</a><br>Justin Clarke's SQL Brute - <a class="external free" title="http://www.justinclarke.com/archives/2006/03/sqlbrute.html" rel="nofollow" href="http://www.justinclarke.com/archives/2006/03/sqlbrute.html">http://www.justinclarke.com/archives/2006/03/sqlbrute.html</a><br>BobCat - <a class="external free" title="http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html" rel="nofollow" href="http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html">http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html</a><br>sqlmap - <a class="external free" title="http://sqlmap.sourceforge.net/" rel="nofollow" href="http://sqlmap.sourceforge.net/">http://sqlmap.sourceforge.net/</a><br>Scully: SQL Server DB Front-End and Brute-Forcer - <a class="external free" title="http://www.sensepost.com/research/scully/" rel="nofollow" href="http://www.sensepost.com/research/scully/">http://www.sensepost.com/research/scully/</a><br>FG-Injector - <a class="external free" title="http://www.flowgate.net/?lang=en&seccion=herramientas" rel="nofollow" href="http://www.flowgate.net/?lang=en&seccion=herramientas">http://www.flowgate.net/?lang=en&seccion=herramientas</a><br>PRIAMOS - <a class="external free" title="http://www.priamos-project.com/" rel="nofollow" href="http://www.priamos-project.com/">http://www.priamos-project.com/</a></p>
<p><a name="Web_application_security_malware.2C_backdoors.2C_and_evil_code"></a></p>
<h2><span class="mw-headline">Web application security malware, backdoors, and evil code</span></h2>
<p>W3AF: Web Application Attack and Audit Framework - <a class="external free" title="http://w3af.sourceforge.net/" rel="nofollow" href="http://w3af.sourceforge.net/">http://w3af.sourceforge.net/</a><br>Jikto - <a class="external free" title="http://busin3ss.name/jikto-in-the-wild/" rel="nofollow" href="http://busin3ss.name/jikto-in-the-wild/">http://busin3ss.name/jikto-in-the-wild/</a><br>XSS Shell - <a class="external free" title="http://ferruh.mavituna.com/article/?1338" rel="nofollow" href="http://ferruh.mavituna.com/article/?1338">http://ferruh.mavituna.com/article/?1338</a><br>XSS-Proxy - <a class="external free" title="http://xss-proxy.sourceforge.net" rel="nofollow" href="http://xss-proxy.sourceforge.net/">http://xss-proxy.sourceforge.net</a><br>AttackAPI - <a class="external free" title="http://www.gnucitizen.org/projects/attackapi/" rel="nofollow" href="http://www.gnucitizen.org/projects/attackapi/">http://www.gnucitizen.org/projects/attackapi/</a><br>FFsniFF - <a class="external free" title="http://azurit.elbiahosting.sk/ffsniff/" rel="nofollow" href="http://azurit.elbiahosting.sk/ffsniff/">http://azurit.elbiahosting.sk/ffsniff/</a><br>HoneyBlog's web-based junkyard - <a class="external free" title="http://honeyblog.org/junkyard/web-based/" rel="nofollow" href="http://honeyblog.org/junkyard/web-based/">http://honeyblog.org/junkyard/web-based/</a><br>BeEF - <a class="external free" title="http://www.bindshell.net/tools/beef/" rel="nofollow" href="http://www.bindshell.net/tools/beef/">http://www.bindshell.net/tools/beef/</a><br>Firefox Extension Scanner (FEX) - <a class="external free" title="http://www.gnucitizen.org/projects/fex/" rel="nofollow" href="http://www.gnucitizen.org/projects/fex/">http://www.gnucitizen.org/projects/fex/</a><br>What is my IP address? 
- <a class="external free" title="http://reglos.de/myaddress/" rel="nofollow" href="http://reglos.de/myaddress/">http://reglos.de/myaddress/</a><br>xRumer: blogspam automation tool - <a class="external free" title="http://www.botmaster.net/movies/XFull.htm" rel="nofollow" href="http://www.botmaster.net/movies/XFull.htm">http://www.botmaster.net/movies/XFull.htm</a><br>SpyJax - <a class="external free" title="http://www.merchantos.com/makebeta/tools/spyjax/" rel="nofollow" href="http://www.merchantos.com/makebeta/tools/spyjax/">http://www.merchantos.com/makebeta/tools/spyjax/</a><br>Greasecarnaval - <a class="external free" title="http://www.gnucitizen.org/projects/greasecarnaval" rel="nofollow" href="http://www.gnucitizen.org/projects/greasecarnaval">http://www.gnucitizen.org/projects/greasecarnaval</a><br>Technika - <a class="external free" title="http://www.gnucitizen.org/projects/technika/" rel="nofollow" href="http://www.gnucitizen.org/projects/technika/">http://www.gnucitizen.org/projects/technika/</a><br>Load-AttackAPI bookmarklet - <a class="external free" title="http://www.gnucitizen.org/projects/load-attackapi-bookmarklet" rel="nofollow" href="http://www.gnucitizen.org/projects/load-attackapi-bookmarklet">http://www.gnucitizen.org/projects/load-attackapi-bookmarklet</a><br>MD's Projects: JS port scanner, pinger, backdoors, etc - <a class="external free" title="http://michaeldaw.org/my-projects/" rel="nofollow" href="http://michaeldaw.org/my-projects/">http://michaeldaw.org/my-projects/</a></p>
<p><a name="Web_application_services_that_aid_in_web_application_security_assessment"></a></p>
<h2><span class="mw-headline">Web application services that aid in web application security assessment</span></h2>
<p>Netcraft - <a class="external free" title="http://www.netcraft.net" rel="nofollow" href="http://www.netcraft.net/">http://www.netcraft.net</a><br>AboutURL - <a class="external free" title="http://www.abouturl.com/" rel="nofollow" href="http://www.abouturl.com/">http://www.abouturl.com/</a><br>The Scrutinizer - <a class="external free" title="http://www.scrutinizethis.com/" rel="nofollow" href="http://www.scrutinizethis.com/">http://www.scrutinizethis.com/</a><br>net.toolkit - <a class="external free" title="http://clez.net/" rel="nofollow" href="http://clez.net/">http://clez.net/</a><br>ServerSniff - <a class="external free" title="http://www.serversniff.net/" rel="nofollow" href="http://www.serversniff.net/">http://www.serversniff.net/</a><br>Online Microsoft script decoder - <a class="external free" title="http://www.greymagic.com/security/tools/decoder/" rel="nofollow" href="http://www.greymagic.com/security/tools/decoder/">http://www.greymagic.com/security/tools/decoder/</a><br>Webmaster-Toolkit - <a class="external free" title="http://www.webmaster-toolkit.com/" rel="nofollow" href="http://www.webmaster-toolkit.com/">http://www.webmaster-toolkit.com/</a><br>MyIPNeighbors, et al. - <a class="external free" title="http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address" rel="nofollow" href="http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address">http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address</a><br>PHP charset encoding - <a class="external free" title="http://h4k.in/encoding" rel="nofollow" href="http://h4k.in/encoding">http://h4k.in/encoding</a><br>data: URL testcases - <a class="external free" title="http://h4k.in/dataurl" rel="nofollow" href="http://h4k.in/dataurl">http://h4k.in/dataurl</a></p>
<p><a name="Browser-based_security_fuzzing_.2F_checking"></a></p>
<h2><span class="mw-headline">Browser-based security fuzzing / checking</span></h2>
<p>Zalewski's MangleMe - <a class="external free" title="http://lcamtuf.coredump.cx/mangleme/mangle.cgi" rel="nofollow" href="http://lcamtuf.coredump.cx/mangleme/mangle.cgi">http://lcamtuf.coredump.cx/mangleme/mangle.cgi</a><br>hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - <a class="external free" title="http://metasploit.com/users/hdm/tools/" rel="nofollow" href="http://metasploit.com/users/hdm/tools/">http://metasploit.com/users/hdm/tools/</a><br>Peach Fuzzer Framework - <a class="external free" title="http://peachfuzz.sourceforge.net/" rel="nofollow" href="http://peachfuzz.sourceforge.net/">http://peachfuzz.sourceforge.net/</a><br>TagBruteForcer - <a class="external free" title="http://research.eeye.com/html/tools/RT20060801-3.html" rel="nofollow" href="http://research.eeye.com/html/tools/RT20060801-3.html">http://research.eeye.com/html/tools/RT20060801-3.html</a><br>PROTOS Test-Suite: c05-http-reply - <a class="external free" title="http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html" rel="nofollow" href="http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html">http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html</a><br>COMRaider - <a class="external free" title="http://labs.idefense.com" rel="nofollow" href="http://labs.idefense.com/">http://labs.idefense.com</a><br>bcheck - <a class="external free" title="http://bcheck.scanit.be/bcheck/" rel="nofollow" href="http://bcheck.scanit.be/bcheck/">http://bcheck.scanit.be/bcheck/</a><br>Stop-Phishing: Projects page - <a class="external free" title="http://www.indiana.edu/~phishing/?projects" rel="nofollow" href="http://www.indiana.edu/~phishing/?projects">http://www.indiana.edu/~phishing/?projects</a><br>LinkScanner - <a class="external free" title="http://linkscanner.explabs.com/linkscanner/default.asp" rel="nofollow" 
href="http://linkscanner.explabs.com/linkscanner/default.asp">http://linkscanner.explabs.com/linkscanner/default.asp</a><br>BrowserCheck - <a class="external free" title="http://www.heise-security.co.uk/services/browsercheck/" rel="nofollow" href="http://www.heise-security.co.uk/services/browsercheck/">http://www.heise-security.co.uk/services/browsercheck/</a><br>Cross-browser Exploit Tests - <a class="external free" title="http://www.jungsonnstudios.com/cool.php" rel="nofollow" href="http://www.jungsonnstudios.com/cool.php">http://www.jungsonnstudios.com/cool.php</a><br>Stealing information using DNS pinning demo - <a class="external free" title="http://www.jumperz.net/index.php?i=2&a=1&b=7" rel="nofollow" href="http://www.jumperz.net/index.php?i=2&a=1&b=7">http://www.jumperz.net/index.php?i=2&a=1&b=7</a><br>Javascript Website Login Checker - <a class="external free" title="http://ha.ckers.org/weird/javascript-website-login-checker.html" rel="nofollow" href="http://ha.ckers.org/weird/javascript-website-login-checker.html">http://ha.ckers.org/weird/javascript-website-login-checker.html</a><br>Mozilla Activex - <a class="external free" title="http://www.iol.ie/~locka/mozilla/mozilla.htm" rel="nofollow" href="http://www.iol.ie/~locka/mozilla/mozilla.htm">http://www.iol.ie/~locka/mozilla/mozilla.htm</a><br>Jungsonn's Black Dragon Project - <a class="external free" title="http://blackdragon.jungsonnstudios.com/" rel="nofollow" href="http://blackdragon.jungsonnstudios.com/">http://blackdragon.jungsonnstudios.com/</a><br>Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - <a class="external free" title="http://ha.ckers.org/mr-t/" rel="nofollow" href="http://ha.ckers.org/mr-t/">http://ha.ckers.org/mr-t/</a><br>Vulnerable Adobe Plugin Detection For UXSS PoC - <a class="external free" title="http://www.0x000000.com/?i=324" rel="nofollow" href="http://www.0x000000.com/?i=324">http://www.0x000000.com/?i=324</a><br>About Flash: is your flash up-to-date? 
- <a class="external free" title="http://www.macromedia.com/software/flash/about/" rel="nofollow" href="http://www.macromedia.com/software/flash/about/">http://www.macromedia.com/software/flash/about/</a><br>Test your installation of Java software - <a class="external free" title="http://java.com/en/download/installed.jsp?detect=jre&try=1" rel="nofollow" href="http://java.com/en/download/installed.jsp?detect=jre&try=1">http://java.com/en/download/installed.jsp?detect=jre&try=1</a><br>WebPageFingerprint - Light-weight Greasemonkey Fuzzer - <a class="external free" title="http://userscripts.org/scripts/show/30285" rel="nofollow" href="http://userscripts.org/scripts/show/30285">http://userscripts.org/scripts/show/30285</a> </p>
<p><a name="PHP_static_analysis_and_file_inclusion_scanning"></a></p>
<h2><span class="mw-headline">PHP static analysis and file inclusion scanning</span></h2>
<p>PHP-SAT.org: Static analysis for PHP - <a class="external free" title="http://www.program-transformation.org/PHP/" rel="nofollow" href="http://www.program-transformation.org/PHP/">http://www.program-transformation.org/PHP/</a><br>Unl0ck Research Team: tool for searching in google for include bugs - <a class="external free" title="http://unl0ck.net/tools.php" rel="nofollow" href="http://unl0ck.net/tools.php">http://unl0ck.net/tools.php</a><br>FIS: File Inclusion Scanner - <a class="external free" title="http://www.segfault.gr/index.php?cat_id=3&cont_id=25" rel="nofollow" href="http://www.segfault.gr/index.php?cat_id=3&cont_id=25">http://www.segfault.gr/index.php?cat_id=3&cont_id=25</a><br>PHPSecAudit - <a class="external free" title="http://developer.spikesource.com/projects/phpsecaudit" rel="nofollow" href="http://developer.spikesource.com/projects/phpsecaudit">http://developer.spikesource.com/projects/phpsecaudit</a></p>
<p><a name="PHP_Defensive_Tools"></a></p>
<h2><span class="mw-headline">PHP Defensive Tools</span></h2>
<p>PHPInfoSec - Check phpinfo configuration for security - <a class="external free" title="http://phpsec.org/projects/phpsecinfo/" rel="nofollow" href="http://phpsec.org/projects/phpsecinfo/">http://phpsec.org/projects/phpsecinfo/</a> </p>
<p>A Greasemonkey Replacement can be found at <a class="external free" title="http://yehg.net/lab/#tools.greasemonkey" rel="nofollow" href="http://yehg.net/lab/#tools.greasemonkey">http://yehg.net/lab/#tools.greasemonkey</a> </p>
<p><br>Php-Brute-Force-Attack Detector - Detects when your web servers are being scanned by brute-force tools such as WFuzz and OWASP DirBuster, and by vulnerability scanners such as Nessus, Nikto, Acunetix, etc. <a class="external free" title="http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip" rel="nofollow" href="http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip">http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip</a> </p>
<p><br>PHP-Login-Info-Checker - Strictly forces admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It also has a built-in smoke test page at the URL loginfo_checker.php?testlic </p>
<p><a class="external free" title="http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip" rel="nofollow" href="http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip">http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip</a> </p>
<p><a class="external free" title="http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip" rel="nofollow" href="http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip">http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip</a> </p>
<p><br>php-DDOS-Shield - A tricky script to fend off unsophisticated distributed bots, which discontinue their flooding attacks when they identify an HTTP 503 status code. <a class="external free" title="http://code.google.com/p/ddos-shield/" rel="nofollow" href="http://code.google.com/p/ddos-shield/">http://code.google.com/p/ddos-shield/</a> </p>
<p><br>PHPMySpamFIGHTER - <a class="external free" title="http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip" rel="nofollow" href="http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip">http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip</a> <a class="external free" title="http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar" rel="nofollow" href="http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar">http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar</a> </p>
<p><a name="Web_Application_Firewall_.28WAF.29_and_Intrusion_Detection_.28APIDS.29_rules_and_resources"></a></p>
<h2><span class="mw-headline">Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources</span></h2>
<p>APIDS on Wikipedia - <a class="external free" title="http://en.wikipedia.org/wiki/APIDS" rel="nofollow" href="http://en.wikipedia.org/wiki/APIDS">http://en.wikipedia.org/wiki/APIDS</a><br>PHP Intrusion Detection System (PHP-IDS) - <a class="external free" title="http://php-ids.org/" rel="nofollow" href="http://php-ids.org/">http://php-ids.org/</a> <a class="external free" title="http://code.google.com/p/phpids/" rel="nofollow" href="http://code.google.com/p/phpids/">http://code.google.com/p/phpids/</a><br>dotnetids - <a class="external free" title="http://code.google.com/p/dotnetids/" rel="nofollow" href="http://code.google.com/p/dotnetids/">http://code.google.com/p/dotnetids/</a><br>Secure Science InterScout - <a class="external free" title="http://www.securescience.com/home/newsandevents/news/interscout1.0.html" rel="nofollow" href="http://www.securescience.com/home/newsandevents/news/interscout1.0.html">http://www.securescience.com/home/newsandevents/news/interscout1.0.html</a><br>Remo: whitelist rule editor for mod_security - <a class="external free" title="http://remo.netnea.com/" rel="nofollow" href="http://remo.netnea.com/">http://remo.netnea.com/</a><br>GotRoot: ModSecurity rules - <a class="external free" title="http://www.gotroot.com/tiki-index.php?page=mod_security+rules" rel="nofollow" href="http://www.gotroot.com/tiki-index.php?page=mod_security+rules">http://www.gotroot.com/tiki-index.php?page=mod_security+rules</a><br>The Web Security Gateway (WSGW) - <a class="external free" title="http://wsgw.sourceforge.net/" rel="nofollow" href="http://wsgw.sourceforge.net/">http://wsgw.sourceforge.net/</a><br>mod_security rules generator - <a class="external free" title="http://noeljackson.com/tools/modsecurity/" rel="nofollow" href="http://noeljackson.com/tools/modsecurity/">http://noeljackson.com/tools/modsecurity/</a><br>Mod_Anti_Tamper - <a class="external free" title="http://www.wisec.it/projects.php?id=3" rel="nofollow" 
href="http://www.wisec.it/projects.php?id=3">http://www.wisec.it/projects.php?id=3</a><br>[TGZ] Automatic Rules Generation for Mod_Security - <a class="external free" title="http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz" rel="nofollow" href="http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz">http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz</a><br>AQTRONIX WebKnight - <a class="external free" title="http://www.aqtronix.com/?PageID=99" rel="nofollow" href="http://www.aqtronix.com/?PageID=99">http://www.aqtronix.com/?PageID=99</a><br>Akismet: blog spam defense - <a class="external free" title="http://akismet.com/" rel="nofollow" href="http://akismet.com/">http://akismet.com/</a><br>Samoa: Formal tools for securing web services - <a class="external free" title="http://research.microsoft.com/projects/samoa/" rel="nofollow" href="http://research.microsoft.com/projects/samoa/">http://research.microsoft.com/projects/samoa/</a></p>
<p><a name="Web_services_enumeration_.2F_scanning_.2F_fuzzing"></a></p>
<h2><span class="mw-headline">Web services enumeration / scanning / fuzzing</span></h2>
<p>WebServiceStudio2.0 - <a class="external free" title="http://www.codeplex.com/WebserviceStudio" rel="nofollow" href="http://www.codeplex.com/WebserviceStudio">http://www.codeplex.com/WebserviceStudio</a><br>Net-square: wsChess - <a class="external free" title="http://net-square.com/wschess/index.shtml" rel="nofollow" href="http://net-square.com/wschess/index.shtml">http://net-square.com/wschess/index.shtml</a><br>WSFuzzer - <a class="external free" title="http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project" rel="nofollow" href="http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project">http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project</a><br>SIFT: web method search tool - <a class="external free" title="http://www.sift.com.au/73/171/sift-web-method-search-tool.htm" rel="nofollow" href="http://www.sift.com.au/73/171/sift-web-method-search-tool.htm">http://www.sift.com.au/73/171/sift-web-method-search-tool.htm</a><br>iSecPartners: WSMap, WSBang, etc - <a class="external free" title="http://www.isecpartners.com/tools.html" rel="nofollow" href="http://www.isecpartners.com/tools.html">http://www.isecpartners.com/tools.html</a></p>
<p><a name="Web_application_non-specific_static_source-code_analysis"></a></p>
<h2><span class="mw-headline">Web application non-specific static source-code analysis</span></h2>
<p>Pixy: a static analysis tool for detecting XSS vulnerabilities - <a class="external free" title="http://www.seclab.tuwien.ac.at/projects/pixy/" rel="nofollow" href="http://www.seclab.tuwien.ac.at/projects/pixy/">http://www.seclab.tuwien.ac.at/projects/pixy/</a><br>Brixoft.Net: Source Edit - <a class="external free" title="http://www.brixoft.net/prodinfo.asp?id=1" rel="nofollow" href="http://www.brixoft.net/prodinfo.asp?id=1">http://www.brixoft.net/prodinfo.asp?id=1</a><br>Security compass web application auditing tools (SWAAT) - <a class="external free" title="http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project" rel="nofollow" href="http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project">http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project</a><br>An even more complete list here - <a class="external free" title="http://www.cs.cmu.edu/~aldrich/courses/654/tools/" rel="nofollow" href="http://www.cs.cmu.edu/~aldrich/courses/654/tools/">http://www.cs.cmu.edu/~aldrich/courses/654/tools/</a><br>A nice list that claims some demos are available - <a class="external free" title="http://www.cs.cmu.edu/~aldrich/courses/413/tools.html" rel="nofollow" href="http://www.cs.cmu.edu/~aldrich/courses/413/tools.html">http://www.cs.cmu.edu/~aldrich/courses/413/tools.html</a><br>A smaller, but also good list - <a class="external free" title="http://spinroot.com/static/" rel="nofollow" href="http://spinroot.com/static/">http://spinroot.com/static/</a></p>
<p><a name="Static_analysis_for_C.2FC.2B.2B_.28CGI.2C_ISAPI.2C_etc.29_in_web_applications"></a></p>
<h2><span class="mw-headline">Static analysis for C/C++ (CGI, ISAPI, etc) in web applications</span></h2>
<p>RATS - <a class="external free" title="http://www.securesoftware.com/resources/download_rats.html" rel="nofollow" href="http://www.securesoftware.com/resources/download_rats.html">http://www.securesoftware.com/resources/download_rats.html</a><br>ITS4 - <a class="external free" title="http://www.cigital.com/its4/" rel="nofollow" href="http://www.cigital.com/its4/">http://www.cigital.com/its4/</a><br>FlawFinder - <a class="external free" title="http://www.dwheeler.com/flawfinder/" rel="nofollow" href="http://www.dwheeler.com/flawfinder/">http://www.dwheeler.com/flawfinder/</a><br>Splint - <a class="external free" title="http://www.splint.org/" rel="nofollow" href="http://www.splint.org/">http://www.splint.org/</a><br>Uno - <a class="external free" title="http://spinroot.com/uno/" rel="nofollow" href="http://spinroot.com/uno/">http://spinroot.com/uno/</a><br>BOON (Buffer Overrun detectiON) - <a class="external free" title="http://www.cs.berkeley.edu/~daw/boon/" rel="nofollow" href="http://www.cs.berkeley.edu/~daw/boon/">http://www.cs.berkeley.edu/~daw/boon/</a> <a class="external free" title="http://boon.sourceforge.net" rel="nofollow" href="http://boon.sourceforge.net/">http://boon.sourceforge.net</a><br>Valgrind - <a class="external free" title="http://www.valgrind.org/" rel="nofollow" href="http://www.valgrind.org/">http://www.valgrind.org/</a></p>
<p><a name="Java_static_analysis.2C_security_frameworks.2C_and_web_application_security_tools"></a></p>
<h2><span class="mw-headline">Java static analysis, security frameworks, and web application security tools</span></h2>
<p>LAPSE - <a class="external free" title="http://suif.stanford.edu/~livshits/work/lapse/" rel="nofollow" href="http://suif.stanford.edu/~livshits/work/lapse/">http://suif.stanford.edu/~livshits/work/lapse/</a> <br>HDIV Struts - <a class="external free" title="http://hdiv.org/" rel="nofollow" href="http://hdiv.org/">http://hdiv.org/</a><br>Orizon - <a class="external free" title="http://sourceforge.net/projects/orizon/" rel="nofollow" href="http://sourceforge.net/projects/orizon/">http://sourceforge.net/projects/orizon/</a><br>FindBugs: Find bugs in Java programs - <a class="external free" title="http://findbugs.sourceforge.net/" rel="nofollow" href="http://findbugs.sourceforge.net/">http://findbugs.sourceforge.net/</a><br>PMD - <a class="external free" title="http://pmd.sourceforge.net/" rel="nofollow" href="http://pmd.sourceforge.net/">http://pmd.sourceforge.net/</a><br>CUTE: A Concolic Unit Testing Engine for C and Java - <a class="external free" title="http://osl.cs.uiuc.edu/~ksen/cute/" rel="nofollow" href="http://osl.cs.uiuc.edu/~ksen/cute/">http://osl.cs.uiuc.edu/~ksen/cute/</a><br>EMMA - <a class="external free" title="http://emma.sourceforge.net/" rel="nofollow" href="http://emma.sourceforge.net/">http://emma.sourceforge.net/</a><br>JLint - <a class="external free" title="http://jlint.sourceforge.net/" rel="nofollow" href="http://jlint.sourceforge.net/">http://jlint.sourceforge.net/</a><br>Java PathFinder - <a class="external free" title="http://javapathfinder.sourceforge.net/" rel="nofollow" href="http://javapathfinder.sourceforge.net/">http://javapathfinder.sourceforge.net/</a><br>Fujaba: Move between UML and Java source code - <a class="external free" title="http://wwwcs.uni-paderborn.de/cs/fujaba/" rel="nofollow" href="http://wwwcs.uni-paderborn.de/cs/fujaba/">http://wwwcs.uni-paderborn.de/cs/fujaba/</a><br>Checkstyle - <a class="external free" title="http://checkstyle.sourceforge.net/" rel="nofollow" 
href="http://checkstyle.sourceforge.net/">http://checkstyle.sourceforge.net/</a><br>Cookie Revolver Security Framework - <a class="external free" title="http://sourceforge.net/projects/cookie-revolver" rel="nofollow" href="http://sourceforge.net/projects/cookie-revolver">http://sourceforge.net/projects/cookie-revolver</a><br>tinapoc - <a class="external free" title="http://sourceforge.net/projects/tinapoc" rel="nofollow" href="http://sourceforge.net/projects/tinapoc">http://sourceforge.net/projects/tinapoc</a><br>jarsigner - <a class="external free" title="http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html" rel="nofollow" href="http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html">http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html</a><br>Solex - <a class="external free" title="http://solex.sourceforge.net/" rel="nofollow" href="http://solex.sourceforge.net/">http://solex.sourceforge.net/</a><br>Java Explorer - <a class="external free" title="http://metal.hurlant.com/jexplore/" rel="nofollow" href="http://metal.hurlant.com/jexplore/">http://metal.hurlant.com/jexplore/</a><br>HTTPClient - <a class="external free" title="http://www.innovation.ch/java/HTTPClient/" rel="nofollow" href="http://www.innovation.ch/java/HTTPClient/">http://www.innovation.ch/java/HTTPClient/</a><br>another HttpClient - <a class="external free" title="http://jakarta.apache.org/commons/httpclient/" rel="nofollow" href="http://jakarta.apache.org/commons/httpclient/">http://jakarta.apache.org/commons/httpclient/</a><br>a list of code coverage and analysis tools for Java - <a class="external free" title="http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html" rel="nofollow" href="http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html">http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html</a></p>
<p><a name="Microsoft_.NET_static_analysis_and_security_framework_tools.2C_mostly_for_ASP.NET_and_ASP.NET_AJAX.2C_but_also_C.23_and_VB.NET"></a></p>
<h2><span class="mw-headline">Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET</span></h2>
<ul>
<li>Visual Studio 2008 Code Analysis, available in:
<ul>
<li>VSTS 2008 Development Edition (<a class="external free" title="http://msdn.microsoft.com/vsts2008/products/bb933752.aspx" rel="nofollow" href="http://msdn.microsoft.com/vsts2008/products/bb933752.aspx">http://msdn.microsoft.com/vsts2008/products/bb933752.aspx</a>) and </li>
<li>VSTS 2008 Team Suite (<a class="external free" title="http://msdn.microsoft.com/vsts2008/products/bb933735.aspx" rel="nofollow" href="http://msdn.microsoft.com/vsts2008/products/bb933735.aspx">http://msdn.microsoft.com/vsts2008/products/bb933735.aspx</a>) </li>
</ul>
</li>
<li>Visual Studio 2005 Code Analyzer, available in:
<ul>
<li>Visual Studio 2005 Team Edition for Software Developers (<a class="external free" title="http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx" rel="nofollow" href="http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx">http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx</a>) </li>
<li>Visual Studio 2005 Team Suite (<a class="external free" title="http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx" rel="nofollow" href="http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx">http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx</a>) </li>
</ul>
</li>
<li>Web Development Helper - <a class="external free" title="http://www.nikhilk.net/Project.WebDevHelper.aspx" rel="nofollow" href="http://www.nikhilk.net/Project.WebDevHelper.aspx">http://www.nikhilk.net/Project.WebDevHelper.aspx</a> </li>
<li>FxCop:
<ul>
<li>(blog) <a class="external free" title="http://blogs.msdn.com/fxcop/" rel="nofollow" href="http://blogs.msdn.com/fxcop/">http://blogs.msdn.com/fxcop/</a> </li>
<li>(download) <a class="external free" title="http://code.msdn.microsoft.com/codeanalysis" rel="nofollow" href="http://code.msdn.microsoft.com/codeanalysis">http://code.msdn.microsoft.com/codeanalysis</a> </li>
</ul>
</li>
<li>Microsoft internal tools you can't have yet:
<ul>
<li>
<a class="external free" title="http://www.microsoft.com/windows/cse/pa_projects.mspx" rel="nofollow" href="http://www.microsoft.com/windows/cse/pa_projects.mspx">http://www.microsoft.com/windows/cse/pa_projects.mspx</a> </li>
<li>
<a class="external free" title="http://research.microsoft.com/Pex/" rel="nofollow" href="http://research.microsoft.com/Pex/">http://research.microsoft.com/Pex/</a> </li>
<li><a class="external free" title="http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf" rel="nofollow" href="http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf">http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf</a></li>
</ul>
</li>
</ul>
<p><a name="Threat_modeling"></a></p>
<h2><span class="mw-headline">Threat modeling</span></h2>
<p>Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - <a class="external free" title="http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en" rel="nofollow" href="http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en">http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en</a><br>Amenaza: Attack Tree Modeling (SecurITree) - <a class="external free" title="http://www.amenaza.com/software.php" rel="nofollow" href="http://www.amenaza.com/software.php">http://www.amenaza.com/software.php</a><br>Octotrike - <a class="external free" title="http://www.octotrike.org/" rel="nofollow" href="http://www.octotrike.org/">http://www.octotrike.org/</a></p>
<p><a name="Add-ons_for_Firefox_that_help_with_general_web_application_security"></a></p>
<h2><span class="mw-headline">Add-ons for Firefox that help with general web application security</span></h2>
<p>Web Developer Toolbar - <a class="external free" title="https://addons.mozilla.org/firefox/60/" rel="nofollow" href="https://addons.mozilla.org/firefox/60/">https://addons.mozilla.org/firefox/60/</a><br>Plain Old Webserver (POW) - <a class="external free" title="https://addons.mozilla.org/firefox/3002/" rel="nofollow" href="https://addons.mozilla.org/firefox/3002/">https://addons.mozilla.org/firefox/3002/</a><br>XML Developer Toolbar - <a class="external free" title="https://addons.mozilla.org/firefox/2897/" rel="nofollow" href="https://addons.mozilla.org/firefox/2897/">https://addons.mozilla.org/firefox/2897/</a><br>Public Fox - <a class="external free" title="https://addons.mozilla.org/firefox/3911/" rel="nofollow" href="https://addons.mozilla.org/firefox/3911/">https://addons.mozilla.org/firefox/3911/</a><br>XForms Buddy - <a class="external free" title="http://beaufour.dk/index.php?sec=misc&pagename=xforms" rel="nofollow" href="http://beaufour.dk/index.php?sec=misc&pagename=xforms">http://beaufour.dk/index.php?sec=misc&pagename=xforms</a><br>MR Tech Local Install - <a class="external free" title="http://www.mrtech.com/extensions/local_install/" rel="nofollow" href="http://www.mrtech.com/extensions/local_install/">http://www.mrtech.com/extensions/local_install/</a><br>Nightly Tester Tools - <a class="external free" title="http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html" rel="nofollow" href="http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html">http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html</a><br>IE Tab - <a class="external free" title="https://addons.mozilla.org/firefox/1419/" rel="nofollow" href="https://addons.mozilla.org/firefox/1419/">https://addons.mozilla.org/firefox/1419/</a><br>User-Agent Switcher - <a class="external free" title="https://addons.mozilla.org/firefox/59/" rel="nofollow" href="https://addons.mozilla.org/firefox/59/">https://addons.mozilla.org/firefox/59/</a><br>ServerSwitcher - <a 
class="external free" title="https://addons.mozilla.org/firefox/2409/" rel="nofollow" href="https://addons.mozilla.org/firefox/2409/">https://addons.mozilla.org/firefox/2409/</a><br>HeaderMonitor - <a class="external free" title="https://addons.mozilla.org/firefox/575/" rel="nofollow" href="https://addons.mozilla.org/firefox/575/">https://addons.mozilla.org/firefox/575/</a><br>RefControl - <a class="external free" title="https://addons.mozilla.org/firefox/953/" rel="nofollow" href="https://addons.mozilla.org/firefox/953/">https://addons.mozilla.org/firefox/953/</a><br>refspoof - <a class="external free" title="https://addons.mozilla.org/firefox/667/" rel="nofollow" href="https://addons.mozilla.org/firefox/667/">https://addons.mozilla.org/firefox/667/</a><br>No-Referrer - <a class="external free" title="https://addons.mozilla.org/firefox/1999/" rel="nofollow" href="https://addons.mozilla.org/firefox/1999/">https://addons.mozilla.org/firefox/1999/</a><br>LocationBar^2 - <a class="external free" title="https://addons.mozilla.org/firefox/4014/" rel="nofollow" href="https://addons.mozilla.org/firefox/4014/">https://addons.mozilla.org/firefox/4014/</a><br>SpiderZilla - <a class="external free" title="http://spiderzilla.mozdev.org/" rel="nofollow" href="http://spiderzilla.mozdev.org/">http://spiderzilla.mozdev.org/</a><br>Slogger - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/143" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/143">https://addons.mozilla.org/en-US/firefox/addon/143</a><br>Fire Encrypter - <a class="external free" title="https://addons.mozilla.org/firefox/3208/" rel="nofollow" href="https://addons.mozilla.org/firefox/3208/">https://addons.mozilla.org/firefox/3208/</a></p>
<p><a name="Add-ons_for_Firefox_that_help_with_Javascript_and_Ajax_web_application_security"></a></p>
<h2><span class="mw-headline">Add-ons for Firefox that help with Javascript and Ajax web application security</span></h2>
<p>Selenium IDE - <a class="external free" title="http://www.openqa.org/selenium-ide/" rel="nofollow" href="http://www.openqa.org/selenium-ide/">http://www.openqa.org/selenium-ide/</a><br>Firebug - <a class="external free" title="http://www.joehewitt.com/software/firebug/" rel="nofollow" href="http://www.joehewitt.com/software/firebug/">http://www.joehewitt.com/software/firebug/</a><br>Venkman - <a class="external free" title="http://www.mozilla.org/projects/venkman/" rel="nofollow" href="http://www.mozilla.org/projects/venkman/">http://www.mozilla.org/projects/venkman/</a><br>Chickenfoot - <a class="external free" title="http://groups.csail.mit.edu/uid/chickenfoot/" rel="nofollow" href="http://groups.csail.mit.edu/uid/chickenfoot/">http://groups.csail.mit.edu/uid/chickenfoot/</a><br>Greasemonkey - <a class="external free" title="http://www.greasespot.net/" rel="nofollow" href="http://www.greasespot.net/">http://www.greasespot.net/</a><br>Greasemonkey compiler - <a class="external free" title="http://www.letitblog.com/greasemonkey-compiler/" rel="nofollow" href="http://www.letitblog.com/greasemonkey-compiler/">http://www.letitblog.com/greasemonkey-compiler/</a><br>User script compiler - <a class="external free" title="http://arantius.com/misc/greasemonkey/script-compiler" rel="nofollow" href="http://arantius.com/misc/greasemonkey/script-compiler">http://arantius.com/misc/greasemonkey/script-compiler</a><br>Extension Developer's Extension (Firefox Add-on) - <a class="external free" title="http://ted.mielczarek.org/code/mozilla/extensiondev/" rel="nofollow" href="http://ted.mielczarek.org/code/mozilla/extensiondev/">http://ted.mielczarek.org/code/mozilla/extensiondev/</a><br>Smart Middle Click (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/3885/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/3885/">https://addons.mozilla.org/en-US/firefox/addon/3885/</a></p>
<p><a name="Bookmarklets_that_aid_in_web_application_security"></a></p>
<h2><span class="mw-headline">Bookmarklets that aid in web application security</span></h2>
<p>RSnake's security bookmarklets - <a class="external free" title="http://ha.ckers.org/bookmarklets.html" rel="nofollow" href="http://ha.ckers.org/bookmarklets.html">http://ha.ckers.org/bookmarklets.html</a><br>BMlets - <a class="external free" title="http://optools.awardspace.com/bmlet.html" rel="nofollow" href="http://optools.awardspace.com/bmlet.html">http://optools.awardspace.com/bmlet.html</a><br>Huge list of bookmarklets - <a class="external free" title="http://www.squarefree.com/bookmarklets/" rel="nofollow" href="http://www.squarefree.com/bookmarklets/">http://www.squarefree.com/bookmarklets/</a><br>Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - <a class="external free" title="http://www.blummy.com/" rel="nofollow" href="http://www.blummy.com/">http://www.blummy.com/</a><br>Bookmarklets every blogger should have - <a class="external free" title="http://www.micropersuasion.com/2005/10/bookmarklets_ev.html" rel="nofollow" href="http://www.micropersuasion.com/2005/10/bookmarklets_ev.html">http://www.micropersuasion.com/2005/10/bookmarklets_ev.html</a><br>Flat Bookmark Editing (Firefox Add-on) - <a class="external free" title="http://n01se.net/chouser/proj/mozhack/" rel="nofollow" href="http://n01se.net/chouser/proj/mozhack/">http://n01se.net/chouser/proj/mozhack/</a><br>OpenBook and Update Bookmark (Firefox Add-ons) - <a class="external free" title="http://www.chuonthis.com/extensions/" rel="nofollow" href="http://www.chuonthis.com/extensions/">http://www.chuonthis.com/extensions/</a></p>
<p><a name="SSL_certificate_checking_.2F_scanning"></a></p>
<h2><span class="mw-headline">SSL certificate checking / scanning</span></h2>
<p>[ZIP] THCSSLCheck - <a class="external free" title="http://thc.org/root/tools/THCSSLCheck.zip" rel="nofollow" href="http://thc.org/root/tools/THCSSLCheck.zip">http://thc.org/root/tools/THCSSLCheck.zip</a><br>[ZIP] Foundstone SSLDigger - <a class="external free" title="http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip" rel="nofollow" href="http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip">http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip</a><br>Cert Viewer Plus (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/firefox/1964/" rel="nofollow" href="https://addons.mozilla.org/firefox/1964/">https://addons.mozilla.org/firefox/1964/</a></p>
<p><a name="Honeyclients.2C_Web_Application.2C_and_Web_Proxy_honeypots"></a></p>
<h2><span class="mw-headline">Honeyclients, Web Application, and Web Proxy honeypots</span></h2>
<p>Honeyclient Project: an open-source honeyclient - <a class="external free" title="http://www.honeyclient.org/trac/" rel="nofollow" href="http://www.honeyclient.org/trac/">http://www.honeyclient.org/trac/</a> <br>HoneyC: the low-interaction honeyclient - <a class="external free" title="http://honeyc.sourceforge.net/" rel="nofollow" href="http://honeyc.sourceforge.net/">http://honeyc.sourceforge.net/</a><br>Capture: a high-interaction honeyclient - <a class="external free" title="http://capture-hpc.sourceforge.net/" rel="nofollow" href="http://capture-hpc.sourceforge.net/">http://capture-hpc.sourceforge.net/</a><br>Google Hack Honeypot - <a class="external free" title="http://ghh.sourceforge.net/" rel="nofollow" href="http://ghh.sourceforge.net/">http://ghh.sourceforge.net/</a><br>PHP.Hop - PHP Honeynet Project - <a class="external free" title="http://www.rstack.org/phphop/" rel="nofollow" href="http://www.rstack.org/phphop/">http://www.rstack.org/phphop/</a><br>SpyBye - <a class="external free" title="http://www.monkey.org/~provos/spybye/" rel="nofollow" href="http://www.monkey.org/~provos/spybye/">http://www.monkey.org/~provos/spybye/</a><br>Honeytokens - <a class="external free" title="http://www.securityfocus.com/infocus/1713" rel="nofollow" href="http://www.securityfocus.com/infocus/1713">http://www.securityfocus.com/infocus/1713</a></p>
<p><a name="Blackhat_SEO_and_maybe_some_whitehat_SEO"></a></p>
<h2><span class="mw-headline">Blackhat SEO and maybe some whitehat SEO</span></h2>
<p>SearchStatus (Firefox Add-on) - <a class="external free" title="http://www.quirk.biz/searchstatus/" rel="nofollow" href="http://www.quirk.biz/searchstatus/">http://www.quirk.biz/searchstatus/</a><br>SEO for Firefox (Firefox Add-on) - <a class="external free" title="http://tools.seobook.com/firefox/seo-for-firefox.html" rel="nofollow" href="http://tools.seobook.com/firefox/seo-for-firefox.html">http://tools.seobook.com/firefox/seo-for-firefox.html</a><br>SEOQuake (Firefox Add-on) - <a class="external free" title="http://www.seoquake.com/" rel="nofollow" href="http://www.seoquake.com/">http://www.seoquake.com/</a></p>
<p><a name="Footprinting_for_web_application_security"></a></p>
<h2><span class="mw-headline">Footprinting for web application security</span></h2>
<p>Evolution - <a class="external free" title="http://www.paterva.com/evolution-e.html" rel="nofollow" href="http://www.paterva.com/evolution-e.html">http://www.paterva.com/evolution-e.html</a><br>GooSweep - <a class="external free" title="http://www.mcgrewsecurity.com/projects/goosweep/" rel="nofollow" href="http://www.mcgrewsecurity.com/projects/goosweep/">http://www.mcgrewsecurity.com/projects/goosweep/</a><br>Aura: Google API Utility Tools - <a class="external free" title="http://www.sensepost.com/research/aura/" rel="nofollow" href="http://www.sensepost.com/research/aura/">http://www.sensepost.com/research/aura/</a><br>Edge-Security tools - <a class="external free" title="http://www.edge-security.com/soft.php" rel="nofollow" href="http://www.edge-security.com/soft.php">http://www.edge-security.com/soft.php</a><br>Fierce Domain Scanner - <a class="external free" title="http://ha.ckers.org/fierce/" rel="nofollow" href="http://ha.ckers.org/fierce/">http://ha.ckers.org/fierce/</a><br>Googlegath - <a class="external free" title="http://www.nothink.org/perl/googlegath/" rel="nofollow" href="http://www.nothink.org/perl/googlegath/">http://www.nothink.org/perl/googlegath/</a><br>Advanced Dork (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/firefox/2144/" rel="nofollow" href="https://addons.mozilla.org/firefox/2144/">https://addons.mozilla.org/firefox/2144/</a><br>Passive Cache (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/firefox/977/" rel="nofollow" href="https://addons.mozilla.org/firefox/977/">https://addons.mozilla.org/firefox/977/</a><br>CacheOut! 
(Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1453/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1453/">https://addons.mozilla.org/en-US/firefox/addon/1453/</a><br>BugMeNot Extension (Firefox Add-on) - <a class="external free" title="http://roachfiend.com/archives/2005/02/07/bugmenot/" rel="nofollow" href="http://roachfiend.com/archives/2005/02/07/bugmenot/">http://roachfiend.com/archives/2005/02/07/bugmenot/</a><br>TrashMail.net Extension (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1813/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1813/">https://addons.mozilla.org/en-US/firefox/addon/1813/</a><br>DiggiDig (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/2819/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/2819/">https://addons.mozilla.org/en-US/firefox/addon/2819/</a><br>Digger (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1467/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1467/">https://addons.mozilla.org/en-US/firefox/addon/1467/</a></p>
<p><a name="Database_security_assessment"></a></p>
<h2><span class="mw-headline">Database security assessment</span></h2>
<p>Scuba by Imperva Database Vulnerability Scanner - <a class="external free" title="http://www.imperva.com/scuba/" rel="nofollow" href="http://www.imperva.com/scuba/">http://www.imperva.com/scuba/</a></p>
<p><a name="Browser_Defenses"></a></p>
<h2><span class="mw-headline">Browser Defenses</span></h2>
<p>DieHard - <a class="external free" title="http://www.diehard-software.org/" rel="nofollow" href="http://www.diehard-software.org/">http://www.diehard-software.org/</a><br>LocalRodeo (Firefox Add-on) - <a class="external free" title="http://databasement.net/labs/localrodeo/" rel="nofollow" href="http://databasement.net/labs/localrodeo/">http://databasement.net/labs/localrodeo/</a><br>NoMoXSS - <a class="external free" title="http://www.seclab.tuwien.ac.at/projects/jstaint/" rel="nofollow" href="http://www.seclab.tuwien.ac.at/projects/jstaint/">http://www.seclab.tuwien.ac.at/projects/jstaint/</a><br>Request Rodeo - <a class="external free" title="http://savannah.nongnu.org/projects/requestrodeo" rel="nofollow" href="http://savannah.nongnu.org/projects/requestrodeo">http://savannah.nongnu.org/projects/requestrodeo</a><br>FlashBlock (Firefox Add-on) - <a class="external free" title="http://flashblock.mozdev.org/" rel="nofollow" href="http://flashblock.mozdev.org/">http://flashblock.mozdev.org/</a><br>CookieSafe (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/2497" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/2497">https://addons.mozilla.org/en-US/firefox/addon/2497</a><br>NoScript (Firefox Add-on) - <a class="external free" title="http://www.noscript.net/" rel="nofollow" href="http://www.noscript.net/">http://www.noscript.net/</a><br>FormFox (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1579/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1579/">https://addons.mozilla.org/en-US/firefox/addon/1579/</a><br>Adblock (Firefox Add-on) - <a class="external free" title="http://adblock.mozdev.org/" rel="nofollow" href="http://adblock.mozdev.org/">http://adblock.mozdev.org/</a><br>httpOnly in Firefox (Firefox Add-on) - <a class="external free" title="http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html" 
rel="nofollow" href="http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html">http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html</a><br>SafeCache (Firefox Add-on) - <a class="external free" title="http://www.safecache.com/" rel="nofollow" href="http://www.safecache.com/">http://www.safecache.com/</a><br>SafeHistory (Firefox Add-on) - <a class="external free" title="http://www.safehistory.com/" rel="nofollow" href="http://www.safehistory.com/">http://www.safehistory.com/</a><br>PrefBar (Firefox Add-on) - <a class="external free" title="http://prefbar.mozdev.org/" rel="nofollow" href="http://prefbar.mozdev.org/">http://prefbar.mozdev.org/</a><br>All-in-One Sidebar (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/1027/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/1027/">https://addons.mozilla.org/en-US/firefox/addon/1027/</a><br>QArchive.org web file checker (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/firefox/4115/" rel="nofollow" href="https://addons.mozilla.org/firefox/4115/">https://addons.mozilla.org/firefox/4115/</a><br>Update Notifier (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/en-US/firefox/addon/2098/" rel="nofollow" href="https://addons.mozilla.org/en-US/firefox/addon/2098/">https://addons.mozilla.org/en-US/firefox/addon/2098/</a><br>FireKeeper - <a class="external free" title="http://firekeeper.mozdev.org/" rel="nofollow" href="http://firekeeper.mozdev.org/">http://firekeeper.mozdev.org/</a><br>Greasemonkey: XSS Malware Script Detector - <a class="external free" title="http://yehg.net/lab/#tools.greasemonkey" rel="nofollow" href="http://yehg.net/lab/#tools.greasemonkey">http://yehg.net/lab/#tools.greasemonkey</a></p>
<p><a name="Browser_Privacy"></a></p>
<h2><span class="mw-headline">Browser Privacy</span></h2>
<p>TrackMeNot (Firefox Add-on) - <a class="external free" title="https://addons.mozilla.org/firefox/3173/" rel="nofollow" href="https://addons.mozilla.org/firefox/3173/">https://addons.mozilla.org/firefox/3173/</a><br>Privacy Bird - <a class="external free" title="http://www.privacybird.com/" rel="nofollow" href="http://www.privacybird.com/">http://www.privacybird.com/</a></p>
<p><a name="Application_and_protocol_fuzzing_.28random_instead_of_targeted.29"></a></p>
<h2><span class="mw-headline">Application and protocol fuzzing (random instead of targeted)</span></h2>
<p>Sulley - <a class="external free" title="http://fuzzing.org/" rel="nofollow" href="http://fuzzing.org/">http://fuzzing.org/</a><br>taof: The Art of Fuzzing - <a class="external free" title="http://sourceforge.net/projects/taof/" rel="nofollow" href="http://sourceforge.net/projects/taof/">http://sourceforge.net/projects/taof/</a><br>zzuf: multipurpose fuzzer - <a class="external free" title="http://sam.zoy.org/zzuf/" rel="nofollow" href="http://sam.zoy.org/zzuf/">http://sam.zoy.org/zzuf/</a><br>autodafé: an act of software torture - <a class="external free" title="http://autodafe.sourceforge.net/" rel="nofollow" href="http://autodafe.sourceforge.net/">http://autodafe.sourceforge.net/</a><br>EFS and GPF: Evolutionary Fuzzing System - <a class="external free" title="http://www.appliedsec.com/resources.html" rel="nofollow" href="http://www.appliedsec.com/resources.html">http://www.appliedsec.com/resources.html</a></p>
<div class="printfooter">Retrieved from "<a href="http://www.owasp.org/index.php/Phoenix/Tools">http://www.owasp.org/index.php/Phoenix/Tools</a>"</div>