sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the …
Category: Web Application Security
Permanent link to this article: https://www.darknessgate.com/2015/05/13/sqlmap-2/
IronWASP
ronwasp by Lavakumar is another great web application pentesting tools and like ZAP it also provides application proxy to intercept and perform manual testing. It has certain other features which are not provided by other similar tools, such as SSRF exploitation, SAP scanner and Scripting within the interface. Under the tools tab we can get …
Permanent link to this article: https://www.darknessgate.com/2015/05/06/ironwasp/
OWASP Zed Attack Proxy Project
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners …
Permanent link to this article: https://www.darknessgate.com/2015/05/06/owasp-zed-attack-proxy-project/
Grendel-Scan
A tool for automated security scanning of web applications. Many features are also present for manual penetration testing. http://sourceforge.net/projects/grendel/files/
Permanent link to this article: https://www.darknessgate.com/2015/03/01/grendel-scan/
Wfuzz
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc. Some features: * Multiple Injection points capability with multiple dictionaries * Recursion (When doing …
Permanent link to this article: https://www.darknessgate.com/2015/02/26/wfuzz/
The web-application vulnerability scanner
Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, …
Permanent link to this article: https://www.darknessgate.com/2015/02/12/web-application-vulnerability-scanner/
ratproxy
A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script …
Permanent link to this article: https://www.darknessgate.com/2012/07/25/ratproxy/
Samurai Web Testing Framework
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use …
Permanent link to this article: https://www.darknessgate.com/2012/07/25/samurai-web-testing-framework/
Paros – for web application security assessment
“Paros” for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified. Download Paros
Permanent link to this article: https://www.darknessgate.com/2012/07/25/paros-for-web-application-security-assessment/
W3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Supported OS: Windows , Linux Download W3af
Permanent link to this article: https://www.darknessgate.com/2012/07/25/w3af/
Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Free Version Features: An intercepting proxy, which lets you inspect and modify traffic …
Permanent link to this article: https://www.darknessgate.com/2012/07/24/burp-suite/
- 1
- 2
Data Hiding Techniques in Windows OS
Hands-on guide to understanding, detecting and using today’s most popular techniques in digital data hiding and exploring hidden data under the Windows® OS
Subscribe By Email
Get the news by Email