Tag Archive: XSS


Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc. Some features: * Multiple Injection points capability with multiple dictionaries * Recursion (When doing …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/26/wfuzz/

Medusa Parallel Network Login Auditor

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/24/medusa-parallel-network-login-auditor/

The web-application vulnerability scanner

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/12/web-application-vulnerability-scanner/


A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/07/25/ratproxy/


w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Supported OS: Windows , Linux Download W3af

Permanent link to this article: http://www.darknessgate.com/2012/07/25/w3af/


Safe3SI is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/07/23/safe3si/


WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/07/23/webscarab/


Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. XSS-Me Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/07/23/exploit-me/

x5s – XSS security testing assistant

x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. This is not a point and shoot tool, it requires some understanding of how encoding issues lead to XSS, and it requires manual driving. x5s acts as an assistant to the security tester by speeding up the process of …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/07/23/x5s-xss-security-testing-assistant/

Watcher: Web security testing tool and passive vulnerability scanner

Watcher is a Fiddleraddon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging. Some reasons to use Watcher …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/07/21/watcher-web-security-testing-tool-and-passive-vulnerability-scanner/


Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/07/21/skipfish/

Page 1 of 212