Phoenix/Tools

[WIP]

LiveCD Sunday, January 14, 2007 6:54 AM    817811456 AOC_Labrat-ALPHA-0008.iso - http://www.packetfocus.com/hackos/  Web application scanning  Wapiti - http://wapiti.sourceforge.net/ Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/  HTTP proxying / editing  Burp - http://www.portswigger.net/ Paros - http://www.parosproxy.org/ Fiddler - http://www.fiddlertool.com/ Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/ Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project Suru - http://www.sensepost.com/research/suru/ httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/<br/ > Charles - http://www.xk72.com/charles/<br/ > Odysseus - http://www.bindshell.net/tools/odysseus<br/ > <br/ > RSnake's XSS cheat sheet based-tools, fuzzing, and encoding tools<br/ > <br/ > HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm<br/ > JBroFuzz - http://sourceforge.net/projects/jbrofuzz<br/ > CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project<br/ > XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/<br/ > WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/<br/ > Grabber - http://rgaucher.info/beta/grabber/<br/ > Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br/ > RFuzz - http://rfuzz.rubyforge.org/<br/ > [ZIP] WebFuzz - http://www.codebreakers-journal.com/index.php/CodeBreakersJournal/article/download/43/69<br/ > <br/ > HTTP general testing / fingerprinting<br/ > Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/<br/ > JoeDog's Seige - http://www.joedog.org/JoeDog/Siege/<br/ > OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/<br/ > Load-balancing detector - http://ge.mine.nu/lbd.html<br/ > HMAP - http://ujeni.murkyroc.com/hmap/<br/ > Net-Square: httprint - http://net-square.com/httprint/<br/ > Wpoison: http stress testing - http://wpoison.sourceforge.net/<br/ > Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml<br/ > hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/<br/ > <br/ > Browser-based HTTP tampering / editing<br/ > TamperIE - http://www.bayden.com/Other/<br/ > isr-form - http://www.infobyte.com.ar/development.html<br/ > TamperData - http://tamperdata.mozdev.org/<br/ > Modify Headers - http://modifyheaders.mozdev.org/<br/ > <br/ > Cookie editing / poisoning<br/ > Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/<br/ > CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/<br/ > CookieSpy - http://www.codeproject.com/shell/cookiespy.asp<br/ > Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx<br/ > <br/ > Ajax and XHR scanning<br/ > Sprajax - http://www.denimgroup.com/sprajax.html<br/ > <br/ > SQL injection scanning<br/ > 0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php<br/ > sqlninja: a SQL Server injection and takover tool - http://sqlninja.sourceforge.net/<br/ > JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html<br/ > BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html<br/ > sqlmap - http://sqlmap.sourceforge.net/<br/ > Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/<br/ > <br/ > Web application security malware, backdoors, and evil code<br/ > XSS Shell - http://ferruh.mavituna.com/article/?1338<br/ > XSS-Proxy - http://xss-proxy.sourceforge.net<br/ > AttackAPI - http://www.gnucitizen.org/projects/attackapi/<br/ > FFsniFF - http://azurit.gigahosting.cz/ffsniff/<br/ > HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/<br/ > BeEF - http://www.bindshell.net/tools/beef/<br/ > Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/<br/ > What is my IP address? - http://reglos.de/myaddress/<br/ > xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm<br/ > Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval<br/ > <br/ > Web application services that aid in web application security assessment<br/ > net.toolkit - http://clez.net/<br/ > ServerSniff - http://www.serversniff.net/<br/ > Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/<br/ > Webmaster-Toolkit - http://www.webmaster-toolkit.com/<br/ > <br/ > Browser-based security fuzzing / checking<br/ > Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi<br/ > hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/<br/ > bcheck - http://bcheck.scanit.be/bcheck/<br/ > Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects<br/ > LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp<br/ > BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/<br/ > Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php<br/ > Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7<br/ > <br/ > PHP file inclusion scanning<br/ > Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php <br/ > FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25 PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit<br/ > <br/ > Web Application Firewall (WAF) rules and resources<br/ > GotRoot: ModSecuirty rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules<br/ > The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/<br/ > mod_security rules generator - http://noeljackson.com/tools/modsecurity/<br/ > Akismet: blog spam defense - http://akismet.com/<br/ > <br/ > Web services enumeration / scanning / fuzzing<br/ > Net-square: wsChess - http://net-square.com/wschess/index.shtml<br/ > SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm<br/ > <br/ > Web application static source-code analysis<br/ > Security compass web application auditing tools (SWAAT) - http://www.securitycompass.com/index.html<br/ > <br/ > Add-ons for Firefox that help with general web application security<br/ > Web Developer Toolbar - https://addons.mozilla.org/firefox/60/<br/ > XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/<br/ > HackBar - https://addons.mozilla.org/firefox/3899/<br/ > XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms<br/ > MR Tech Local Install - http://www.mrtech.com/extensions/local_install/<br/ > Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html<br/ > IE Tab - https://addons.mozilla.org/firefox/1419/<br/ > User-Agent Switcher - https://addons.mozilla.org/firefox/59/<br/ > FlashBlock - http://flashblock.mozdev.org/<br/ > SeverSwitcher - https://addons.mozilla.org/firefox/2409/<br/ > httpOnly in Firefox - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html<br/ > SafeCache<br/ > SafeHistory<br/ > PrefBar<br/ > QArchive.org web file checker - https://addons.mozilla.org/firefox/4115/<br/ > HeaderMonitor - https://addons.mozilla.org/firefox/575/<br/ > RefControl - https://addons.mozilla.org/firefox/953/<br/ > refspoof - https://addons.mozilla.org/firefox/667/<br/ > no-referrer<br/ > Fire Encrypter - https://addons.mozilla.org/firefox/3208/<br/ > <br/ > Add-ons for Firefox that help with Javascript and Ajax web application security<br/ > Firebug - http://www.joehewitt.com/software/firebug/<br/ > Venkman - http://www.mozilla.org/projects/venkman/<br/ > Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/<br/ > Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/<br/ > <br/ > Java web application security<br/ > Java Explorer - http://metal.hurlant.com/jexplore/<br/ > <br/ > SSL certificate checking / scanning<br/ > [ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip<br/ > [ZIP] Foundstone SSLDigger - http://foundstone.com/resources/freetooldownload.htm?file=ssldigger.zip<br/ > Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/<br/ > <br/ >