OWASP - User contributions [en]

Category:OWASP CAL9000 Project

2006-06-07T11:52:34Z

Caloomis:

'''Welcome to the OWASP CAL9000 project...'''
[[Image:xssAttacks.jpg|thumb|300px|right|CAL9000 in action]]
== Overview ==

CAL9000 brings together a host of web application security testing tools into one convenient package. It is designed to be used in the Firefox browser. CAL9000 functionality may be limited when used with other browsers.

CAL9000 is written in Javascript, so you have full access to the source code. Feel free to modify it to best suit your particular needs. CAL9000 has some powerful features(like executing cross-domain XMLHttpRequests and writing to disk). It is purposefully designed to do some horribly insecure things. Therefore, I would strongly encourage that you only run it locally and NOT off of a web server.

While using CAL9000, the Firefox browser may pop up windows asking you to grant exceptions to its security policy. These are normal and may be safely accepted. If you are leery of approving these requests, you can review the source code until you are comfortable with CAL9000's functionality. I can say with reasonable certainty that CAL9000 will not go crazy and try to kill you.

Please only use this tool for testing your own applications or those that you have been authorized to test.

== Features ==

* XSS Attacks - This is a library of the XSS Attack Info from [http://ha.ckers.org/xss.html RSnake]. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

* RightClick [http://www.digilantesecurity.com/CAL9000/files/CAL9000.zip here] to download the CAL9000 tool.
* RightClick [http://ha.ckers.org/xssAttacks.xml here] to download the latest XSS Attack List XML file from [http://ha.ckers.org/xss.html RSnake's site]. Replace the file of the same name in your "CAL9000/files/xml/" folder.

The online help for CAL9000 can be found [http://www.digilantesecurity.com/CAL9000/help.html here].

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here] or submitted via the Discussion Tab above.

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Download]]
[[Category:OWASP Tool]]

File:XssAttacks.jpg

2006-06-07T11:51:36Z

Caloomis: Screenshot of CAL9000

Screenshot of CAL9000

Category:OWASP CAL9000 Project

2006-06-06T13:31:48Z

Caloomis: /* Project Contributors */

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

CAL9000 brings together a host of web application security testing tools into one convenient package. It is designed to be used in the Firefox browser. CAL9000 functionality may be limited when used with other browsers.

CAL9000 is written in Javascript, so you have full access to the source code. Feel free to modify it to best suit your particular needs. CAL9000 has some powerful features(like executing cross-domain XMLHttpRequests and writing to disk). It is purposefully designed to do some horribly insecure things. Therefore, I would strongly encourage that you only run it locally and NOT off of a web server.

While using CAL9000, the Firefox browser may pop up windows asking you to grant exceptions to its security policy. These are normal and may be safely accepted. If you are leery of approving these requests, you can review the source code until you are comfortable with CAL9000's functionality. I can say with reasonable certainty that CAL9000 will not go crazy and try to kill you.

Please only use this tool for testing your own applications or those that you have been authorized to test.

== Features ==

* XSS Attacks - This is a library of the XSS Attack Info from [http://ha.ckers.org/xss.html RSnake]. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

* RightClick [http://www.digilantesecurity.com/CAL9000/files/CAL9000.zip here] to download the CAL9000 tool.
* RightClick [http://ha.ckers.org/xssAttacks.xml here] to download the latest XSS Attack List XML file from [http://ha.ckers.org/xss.html RSnake's site]. Replace the file of the same name in your "CAL9000/files/xml/" folder.

The online help for CAL9000 can be found [http://www.digilantesecurity.com/CAL9000/help.html here].

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here] or submitted via the Discussion Tab above.

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Download]]
[[Category:OWASP Tool]]

Category talk:OWASP CAL9000 Project

2006-06-06T13:18:04Z

Caloomis:

'''We need your input! Ask questions, make comments or suggest new features for CAL9000 below.'''

== Click the edit+ button to add a comment ==

Edit this page and ask your question here

OWASP CAL9000 Project Roadmap

2006-06-06T13:05:44Z

Caloomis:

The project's overall goal is to...

Provide a centralized framework for the organization and use of a variety of tools that can
assist web application security testers with their manual testing efforts.

In the near term, we are focused on the following tactical goals...

# Soliciting comments, suggestions and feature requests from users.
# Exploring ways to enhance the functionality of the tool when used in browsers other than Firefox.

Here are the current tasks defined to help us achieve these goals...

* ...

[[Category:OWASP CAL9000 Project]]

OWASP CAL9000 Project Roadmap

2006-06-06T13:04:53Z

Caloomis:

The project's overall goal is to...

Provide a centralized framework for the organization and use of a variety of tools that can
assist web application security testers with their manual testing efforts.

In the near term, we are focused on the following tactical goals...

# Soliciting comments, suggestions and feature requests from users.
# Exploring ways to enhance the functionality of the tool while used in browsers other than Firefox.

Here are the current tasks defined to help us achieve these goals...

* ...

[[Category:OWASP CAL9000 Project]]

Category:OWASP CAL9000 Project

2006-06-06T01:18:04Z

Caloomis: /* Overview */

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

CAL9000 brings together a host of web application security testing tools into one convenient package. It is designed to be used in the Firefox browser. CAL9000 functionality may be limited when used with other browsers.

CAL9000 is written in Javascript, so you have full access to the source code. Feel free to modify it to best suit your particular needs. CAL9000 has some powerful features(like executing cross-domain XMLHttpRequests and writing to disk). It is purposefully designed to do some horribly insecure things. Therefore, I would strongly encourage that you only run it locally and NOT off of a web server.

While using CAL9000, the Firefox browser may pop up windows asking you to grant exceptions to its security policy. These are normal and may be safely accepted. If you are leery of approving these requests, you can review the source code until you are comfortable with CAL9000's functionality. I can say with reasonable certainty that CAL9000 will not go crazy and try to kill you.

Please only use this tool for testing your own applications or those that you have been authorized to test.

== Features ==

* XSS Attacks - This is a library of the XSS Attack Info from [http://ha.ckers.org/xss.html RSnake]. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

* RightClick [http://www.digilantesecurity.com/CAL9000/files/CAL9000.zip here] to download the CAL9000 tool.
* RightClick [http://ha.ckers.org/xssAttacks.xml here] to download the latest XSS Attack List XML file from [http://ha.ckers.org/xss.html RSnake's site]. Replace the file of the same name in your "CAL9000/files/xml/" folder.

The online help for CAL9000 can be found [http://www.digilantesecurity.com/CAL9000/help.html here].

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here].

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Download]]
[[Category:OWASP Tool]]

Category:OWASP CAL9000 Project

2006-06-06T01:01:55Z

Caloomis: /* Downloads */

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

== Features ==

* XSS Attacks - This is a library of the XSS Attack Info from [http://ha.ckers.org/xss.html RSnake]. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

* RightClick [http://www.digilantesecurity.com/CAL9000/files/CAL9000.zip here] to download the CAL9000 tool.
* RightClick [http://ha.ckers.org/xssAttacks.xml here] to download the latest XSS Attack List XML file from [http://ha.ckers.org/xss.html RSnake's site]. Replace the file of the same name in your "CAL9000/files/xml/" folder.

The online help for CAL9000 can be found [http://www.digilantesecurity.com/CAL9000/help.html here].

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here].

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Download]]
[[Category:OWASP Tool]]

Category:OWASP CAL9000 Project

2006-06-06T00:58:30Z

Caloomis: /* Roadmap */

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

== Features ==

* XSS Attacks - This is a library of the XSS Attack Info from [http://ha.ckers.org/xss.html RSnake]. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

* Click [http://www.digilantesecurity.com/CAL9000/files/CAL9000.zip here] to download the CAL9000 tool.
* Click [http://ha.ckers.org/xssAttacks.xml here] to download the latest XSS Attack List XML file from [http://ha.ckers.org/xss.html RSnake's site]. Replace the file of the same name in your "CAL9000/files/xml/" folder.

The online help for CAL9000 can be found [http://www.digilantesecurity.com/CAL9000/help.html here].

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here].

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Download]]
[[Category:OWASP Tool]]

Category:OWASP CAL9000 Project

2006-06-06T00:53:20Z

Caloomis: /* Downloads */

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

== Features ==

* XSS Attacks - This is a library of the XSS Attack Info from [http://ha.ckers.org/xss.html RSnake]. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

* Click [http://www.digilantesecurity.com/CAL9000/files/CAL9000.zip here] to download the CAL9000 tool.
* Click [http://ha.ckers.org/xssAttacks.xml here] to download the latest XSS Attack List XML file from [http://ha.ckers.org/xss.html RSnake's site]. Replace the file of the same name in your "CAL9000/files/xml/" folder.

The online help for CAL9000 can be found [http://www.digilantesecurity.com/CAL9000/help.html here].

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here].

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Tool]]

Category:OWASP CAL9000 Project

2006-06-06T00:42:32Z

Caloomis:

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

== Features ==

* XSS Attacks - This is a library of the XSS Attack Info from [http://ha.ckers.org/xss.html RSnake]. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

* Click [http://www.digilantesecurity.com/files/CAL9000.zip here] to download the CAL9000 tool.
* Click [http://ha.ckers.org/xssAttacks.xml here] to download the latest XSS Attack List XML file from [http://ha.ckers.org/xss.html RSnake's site].
Replace the file of the same name in your "CAL9000/files/xml/" folder.

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here].

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Tool]]

Category:OWASP CAL9000 Project

2006-06-06T00:10:07Z

Caloomis: /* Project Contributors */

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

== Features ==

* XSS Attacks - This is a listing of the XSS Attack Info from RSnake. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

== Project Contributors ==

Chris Loomis wrote the CAL9000 tool and currently runs the project. Any and all questions, comments or suggestions are welcome and may be directed [mailto:cal9000tool@mac.com here].

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Tool]]

Category:OWASP CAL9000 Project

2006-06-05T23:41:45Z

Caloomis: /* Features */

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

== Features ==

* XSS Attacks - This is a listing of the XSS Attack Info from RSnake. You can also try executing the various attacks or using RegEx filters against them.
* Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
* Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
* Scratchpad - A place to save code snippets, notes, results, etc.
* Cheatsheets - Collection of references for various web-related platforms and languages.
* Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
* IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
* String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
* Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
* Testing Checklist - Collection of testing ideas for assessments.
* Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.

== Downloads ==

== Project Contributors ==

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Tool]]

Category:OWASP CAL9000 Project

2006-06-05T23:34:08Z

Caloomis:

'''Welcome to the OWASP CAL9000 project...'''

== Overview ==

== Features ==

== Downloads ==

== Project Contributors ==

== Roadmap ==
Please refer to the [[OWASP CAL9000 Project Roadmap]] for current tasks.

[[Category:OWASP Project]]
[[Category:OWASP Tool]]