This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Category:OWASP CAL9000 Project

Revision as of 01:01, 6 June 2006 by Caloomis (talk | contribs) (Downloads)

Jump to: navigation, search

Welcome to the OWASP CAL9000 project...



  • XSS Attacks - This is a library of the XSS Attack Info from RSnake. You can also try executing the various attacks or using RegEx filters against them.
  • Character Encoder/Decoder - Encodes and decodes the following: URL, Hex, Unicode, Html(Decimal), Base64, MD5. Encode only for Sha1 and Sha256.
  • Simple Http Requests - Send GET, POST, HEAD, TRACE, OPTIONS, PUT and DELETE requests and see the results.
  • Scratchpad - A place to save code snippets, notes, results, etc.
  • Cheatsheets - Collection of references for various web-related platforms and languages.
  • Page Info - Splits out the Forms in a target page, as well as the source for internal and external Scripts.
  • IP Encoder/Decoder - Go to/from IP, Dword, Hex and Octal addresses.
  • String Generator - Create alpha(i), numeric(1) or special(!) strings of almost any length.
  • Scroogle Search - A privacy-friendly scrape of Google results w/Advanced Operators.
  • Testing Checklist - Collection of testing ideas for assessments.
  • Save State/Load State - Allows you to save CAL9000 textarea and text field contents and reload them when you are ready to resume testing.


  • RightClick here to download the CAL9000 tool.
  • RightClick here to download the latest XSS Attack List XML file from RSnake's site. Replace the file of the same name in your "CAL9000/files/xml/" folder.

The online help for CAL9000 can be found here.

Project Contributors

Chris Loomis wrote the CAL9000 tool and currently leads the project. Any and all questions, comments or suggestions are welcome and may be directed here.


Please refer to the OWASP CAL9000 Project Roadmap for current tasks.

Pages in category "OWASP CAL9000 Project"

This category contains only the following page.