Category:OWASP CAL9000 Project
Welcome to the OWASP CAL9000 project...
CAL9000 brings together a host of web application security testing tools into one convenient package. It is designed to be used in the Firefox browser. CAL9000 functionality may be limited when used with other browsers.
While using CAL9000, the Firefox browser may pop up windows asking you to grant exceptions to its security policy. These are normal and may be safely accepted. If you are reluctant to approve these requests, you can review the source code until you are comfortable with CAL9000's functionality. I can say with reasonable certainty that CAL9000 will not go crazy and try to kill you.
Please only use this tool for testing your own applications or those that you have been authorized to test.
- XSS Attacks - This is a library of the XSS Attack Info from RSnake. You can also try testing the various attacks or using RegEx filters against them.
- Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
- Scratchpad - A place to save code snippets, notes, results, etc.
- Cheatsheets - Collection of references for various web-related platforms and languages.
- Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
- IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
- String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
- Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
- Testing Checklist - Collection of testing ideas for assessments.
- Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.
- Selected Text Processing - Allows you to process selected text inside of a textarea instead of the entire contents of a textarea.
LATEST RELEASE - Version 1.1 released July 30, 2006. See the OWASP CAL9000 Project Roadmap for details.
- RightClick here to download the CAL9000 tool.
- RightClick here to download the latest XSS Attack List XML file from RSnake's site. Replace the file of the same name in your "CAL9000/files/xml/" folder.
The online help for CAL9000 can be found here.
Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed here or submitted via the Discussion Tab above.
Thanks to everyone who has emailed me their comments and great suggestions for enhancing CAL9000. Keep the ideas coming! Special thanks to Achim Hoffmann for his significant contributions of code and time to the project.
Please refer to the OWASP CAL9000 Project Roadmap for current tasks.
Pages in category "OWASP CAL9000 Project"
This category contains only the following page.