This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Phoenix/Tools"

From OWASP
Jump to: navigation, search
Line 14: Line 14:
 
Paros - http://www.parosproxy.org/<br/ >
 
Paros - http://www.parosproxy.org/<br/ >
 
Fiddler - http://www.fiddlertool.com/<br/ >
 
Fiddler - http://www.fiddlertool.com/<br/ >
Web Proxy Editor<br/ >
+
Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br/ >
 
Pantera<br/ >
 
Pantera<br/ >
 
Suru<br/ >
 
Suru<br/ >
Line 27: Line 27:
 
XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/<br/ >
 
XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/<br/ >
 
WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/<br/ >
 
WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/<br/ >
 +
Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br/ >
 
<br/ >
 
<br/ >
 
<b>HTTP general testing / fingerprinting</b><br/ >
 
<b>HTTP general testing / fingerprinting</b><br/ >
Line 35: Line 36:
 
Net-Square: httprint - http://net-square.com/httprint/<br/ >
 
Net-Square: httprint - http://net-square.com/httprint/<br/ >
 
Wpoison: http stress testing - http://wpoison.sourceforge.net/<br/ >
 
Wpoison: http stress testing - http://wpoison.sourceforge.net/<br/ >
Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml
+
Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml<br/ >
 
<br/ >
 
<br/ >
 
<b>Browser-based HTTP tampering / editing</b><br/ >
 
<b>Browser-based HTTP tampering / editing</b><br/ >
Line 90: Line 91:
 
<b>Web application static source-code analysis</b><br/ >
 
<b>Web application static source-code analysis</b><br/ >
 
Security compass web application auditing tools (SWAAT) - http://www.securitycompass.com/index.html<br/ >
 
Security compass web application auditing tools (SWAAT) - http://www.securitycompass.com/index.html<br/ >
 +
<br/ >
 +
<b>Add-ons for Firefox that help with general web application security</b><br/ >
 +
Web Developer Toolbar - https://addons.mozilla.org/firefox/60/<br/ >
 +
MR Tech Local Install - http://www.mrtech.com/extensions/local_install/<br/ >
 +
Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html<br/ >
 +
IE Tab - https://addons.mozilla.org/firefox/1419/<br/ >
 +
<br/ >
 +
<b>Add-ons for Firefox that help with Javascript and Ajax web application security</b><br/ >
 +
Firebug - http://www.joehewitt.com/software/firebug/<br/ >
 +
Venkman - http://www.mozilla.org/projects/venkman/<br/ >
 +
<br/ >
 +
<b>Java web application security</b><br/ >
 +
Java Explorer - http://metal.hurlant.com/jexplore/<br/ >
 
<br/ >
 
<br/ >

Revision as of 01:31, 19 January 2007

[WIP]

LiveCD
Sunday, January 14, 2007 6:54 AM 817811456 AOC_Labrat-ALPHA-0008.iso - http://www.packetfocus.com/hackos/

Web application scanning

Wapiti - http://wapiti.sourceforge.net/
Web-applciation scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/

HTTP proxying / editing

Burp - http://www.portswigger.net/
Paros - http://www.parosproxy.org/
Fiddler - http://www.fiddlertool.com/
Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
Pantera
Suru
httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/
Charles
Odysseus

RSnake's XSS cheat sheet based-tools and encoding tools

HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
JBroFuzz - http://sourceforge.net/projects/jbrofuzz
XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/
WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/
Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/

HTTP general testing / fingerprinting
Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/
JoeDog's Seige - http://www.joedog.org/JoeDog/Siege/
OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/
Load-balancing detector - http://ge.mine.nu/lbd.html
Net-Square: httprint - http://net-square.com/httprint/
Wpoison: http stress testing - http://wpoison.sourceforge.net/
Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml

Browser-based HTTP tampering / editing
TamperIE - http://www.bayden.com/Other/
isr-form - http://www.infobyte.com.ar/development.html
TamperData - http://tamperdata.mozdev.org/
Modify Headers - http://modifyheaders.mozdev.org/

Cookie editing / poisoning
CookieSpy - http://www.codeproject.com/shell/cookiespy.asp
Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx

Ajax and XHR scanning
Sprajax - http://www.denimgroup.com/sprajax.html

SQL injection scanning
0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php
sqlninja: a SQL Server injection and takover tool - http://sqlninja.sourceforge.net/
JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html

Web application security malware, backdoors, and evil code
AttackAPI - http://www.gnucitizen.org/projects/attackapi/
FFsniFF - http://azurit.gigahosting.cz/ffsniff/
HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/
BeEF - http://www.bindshell.net/tools/beef/

Web application services that aid in web application security assessment
net.toolkit - http://clez.net/
ServerSniff - http://www.serversniff.net/
Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/
Webmaster-Toolkit - http://www.webmaster-toolkit.com/

Browser-based security fuzzing / checking
Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/
bcheck - http://bcheck.scanit.be/bcheck/
Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects
LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp

PHP file inclusion scanning
Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php
FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25
PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit

Web Application Firewall (WAF) rules and resources
GotRoot: ModSecuirty rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules
Akismet: blog spam defense - http://akismet.com/

Web services enumeration / scanning / fuzzing
Net-square: wsChess - http://net-square.com/wschess/index.shtml
SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm

Web application static source-code analysis
Security compass web application auditing tools (SWAAT) - http://www.securitycompass.com/index.html

Add-ons for Firefox that help with general web application security
Web Developer Toolbar - https://addons.mozilla.org/firefox/60/
MR Tech Local Install - http://www.mrtech.com/extensions/local_install/
Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html
IE Tab - https://addons.mozilla.org/firefox/1419/

Add-ons for Firefox that help with Javascript and Ajax web application security
Firebug - http://www.joehewitt.com/software/firebug/
Venkman - http://www.mozilla.org/projects/venkman/

Java web application security
Java Explorer - http://metal.hurlant.com/jexplore/

Retrieved from "https://wiki.owasp.org/index.php?title=Phoenix/Tools&oldid=15596"