Difference between revisions of "Phoenix/Tools"

Revision as of 18:13, 17 July 2007

Please send comments or questions to the Phoenix-OWASP mailing-list.

LiveCDs

Monday, January 29, 2007 4:02 PM 828569600 AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/
DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/

Test sites / testing grounds

SPI Dynamics (live) - http://zero.webappsecurity.com/
Cenzic (live) - http://crackme.cenzic.com/
Watchfire (live) - http://demo.testfire.net/
Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com
WebMaven / Buggy Bank (includes live testsite) - http://www.mavensecurity.com/webmaven
Foundstone SASS tools - http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/s3i_tools.htm
OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator
Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/
SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/

HTTP proxying / editing

WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://www.portswigger.net/
Paros - http://www.parosproxy.org/
Fiddler - http://www.fiddlertool.com/
Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
Suru - http://www.sensepost.com/research/suru/
httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/
Charles - http://www.xk72.com/charles/
Odysseus - http://www.bindshell.net/tools/odysseus
Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/
Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/
JS Commander - http://jscmd.rubyforge.org/

RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools

Wfuzz - http://www.edge-security.com/wfuzz.php
ProxMon - http://www.isecpartners.com/proxmon.html
Wapiti - http://wapiti.sourceforge.net/
Grabber - http://rgaucher.info/beta/grabber/
XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py
CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
JBroFuzz - http://sourceforge.net/projects/jbrofuzz
XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/
WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/
Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
[TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter
screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html
SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml
RFuzz - http://rfuzz.rubyforge.org/
WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999
TestMaker - http://www.pushtotest.com/Docs/downloads/features.html
ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/
WSTool - http://wstool.sourceforge.net/
Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/
Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/
Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/
PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743

HTTP general testing / fingerprinting

Wbox: HTTP testing tool - http://hping.org/wbox/
ht://Check - http://htcheck.sourceforge.net/
Mumsie - http://www.lurhq.com/tools/mumsie.html
WebInject - http://www.webinject.org/
Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/
JoeDog's Seige - http://www.joedog.org/JoeDog/Siege/
OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/
Load-balancing detector - http://ge.mine.nu/lbd.html
HMAP - http://ujeni.murkyroc.com/hmap/
Net-Square: httprint - http://net-square.com/httprint/
Wpoison: http stress testing - http://wpoison.sourceforge.net/
Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml
hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/
rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp
Nikto - http://www.cirt.net/code/nikto.shtml
twill - http://twill.idyll.org/
DirBuster - http://www.sittinglittleduck.com/DirBuster/
[ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip
[ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html

Browser-based HTTP tampering / editing / replaying

TamperIE - http://www.bayden.com/Other/
isr-form - http://www.infobyte.com.ar/developments.html
Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/
Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/
UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/
TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/
DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/
LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/

Cookie editing / poisoning

[TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz
Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/
CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/
CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/
CookieSpy - http://www.codeproject.com/shell/cookiespy.asp
Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx

Ajax and XHR scanning

Sahi - http://sahi.co.in/
scRUBYt - http://scrubyt.org/
jQuery - http://jquery.com/
jquery-include - http://www.gnucitizen.org/projects/jquery-include
Sprajax - http://www.denimgroup.com/sprajax.html
Watir - http://wtr.rubyforge.org/
Watij - http://watij.com/
Watin - http://watin.sourceforge.net/
RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/
SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/
Firebug Lite - http://www.getfirebug.com/lite.html
firewaitr - http://code.google.com/p/firewatir/

RSS extensions and caching

LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/
rss-cache - http://www.dubfire.net/chris/projects/rss-cache/

SQL injection scanning

0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php
SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
sqlninja: a SQL Server injection and takover tool - http://sqlninja.sourceforge.net/
JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html
BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
sqlmap - http://sqlmap.sourceforge.net/
Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/
FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas
PRIAMOS - http://www.priamos-project.com/

Web application security malware, backdoors, and evil code

W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/
Jikto - http://busin3ss.name/jikto-in-the-wild/
XSS Shell - http://ferruh.mavituna.com/article/?1338
XSS-Proxy - http://xss-proxy.sourceforge.net
AttackAPI - http://www.gnucitizen.org/projects/attackapi/
FFsniFF - http://azurit.elbiahosting.sk/ffsniff/
HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/
BeEF - http://www.bindshell.net/tools/beef/
Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/
What is my IP address? - http://reglos.de/myaddress/
xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm
SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/
Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval
Technika - http://www.gnucitizen.org/projects/technika/
Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/

Web application services that aid in web application security assessment

Netcraft - http://www.netcraft.net
AboutURL - http://www.abouturl.com/
The Scrutinizer - http://www.scrutinizethis.com/
net.toolkit - http://clez.net/
ServerSniff - http://www.serversniff.net/
Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/
Webmaster-Toolkit - http://www.webmaster-toolkit.com/
myIPNeighbbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
PHP charset encoding - http://h4k.in/encoding
data: URL testcases - http://h4k.in/dataurl

Browser-based security fuzzing / checking

Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/
Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/
TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html
PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
COMRaider - http://labs.idefense.com
bcheck - http://bcheck.scanit.be/bcheck/
Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects
LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp
BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/
Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php
Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7
Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html
Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm
Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/
Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/
Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324
About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/
Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1

PHP static analysis and file inclusion scanning

PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/
Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php
FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25
PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit

Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources

APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS
PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/
dotnetids - http://code.google.com/p/dotnetids/
Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html
Remo: whitelist rule editor for mod_security - http://remo.netnea.com/
GotRoot: ModSecuirty rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules
The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/
mod_security rules generator - http://noeljackson.com/tools/modsecurity/
Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3
[TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99
Akismet: blog spam defense - http://akismet.com/
Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/

Web services enumeration / scanning / fuzzing

WebServiceStudio2.0 - http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=65a1d4ea-0f7a-41bd-8494-e916ebc4159c
Net-square: wsChess - http://net-square.com/wschess/index.shtml
WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html

Web application non-specific static source-code analysis

Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/
Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1
Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/
A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html
A smaller, but also good list - http://spinroot.com/static/

Static analysis for C/C++ (CGI, ISAPI, etc) in web applications

RATS - http://www.securesoftware.com/resources/download_rats.html
ITS4 - http://www.cigital.com/its4/
FlawFinder - http://www.dwheeler.com/flawfinder/
Splint - http://www.splint.org/
Uno - http://spinroot.com/uno/
BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net
Valgrind - http://www.valgrind.org/

Java static analysis, security frameworks, and web application security tools

HDIV Struts - http://hdiv.org/
Orizon - http://sourceforge.net/projects/orizon/
FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/
PMD - http://pmd.sourceforge.net/
CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/
EMMA - http://emma.sourceforge.net/
JLint - http://jlint.sourceforge.net/
Java PathFinder - http://javapathfinder.sourceforge.net/
Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/
Checkstyle - http://checkstyle.sourceforge.net/
Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver
tinapoc - http://sourceforge.net/projects/tinapoc
jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
Solex - http://solex.sourceforge.net/
Java Explorer - http://metal.hurlant.com/jexplore/
HTTPClient - http://www.innovation.ch/java/HTTPClient/
another HttpClient - http://jakarta.apache.org/commons/httpclient/
a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html

Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET

Orcas - http://msdn.microsoft.com/vstudio/express/future/downloads/default.aspx
Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx
FxCop - http://blogs.msdn.com/fxcop/ http://www.gotdotnet.com/team/fxcop/
Microsoft Application Verifier - http://www.microsoft.com/technet/prodtechnol/windows/appcompatibility/appverifier.mspx
Microsoft internal tools you can't have yet - http://www.microsoft.com/windows/cse/pa_projects.mspx http://research.microsoft.com/Pex/ http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf

Threat modeling

Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php
Octotrike - http://www.octotrike.org/

Add-ons for Firefox that help with general web application security

Add-ons for Firefox that help with Javascript and Ajax web application security

Selenium IDE - http://www.openqa.org/selenium-ide/
Firebug - http://www.joehewitt.com/software/firebug/
Venkman - http://www.mozilla.org/projects/venkman/
Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/
Greasemonkey - http://www.greasespot.net/
Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/
User script compiler - http://arantius.com/misc/greasemonkey/script-compiler
Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/
Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/

Bookmarklets that aid in web application security

RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html
BMlets - http://optools.awardspace.com/bmlet.html
Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/
Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - http://www.blummy.com/
Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html
Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/
OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/

SSL certificate checking / scanning

[ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip
[ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/

Honeyclients, Web Application, and Web Proxy honeypots

Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/
HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/
Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/
Google Hack Honeypot - http://ghh.sourceforge.net/
PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/
SpyBye - http://www.monkey.org/~provos/spybye/
Honeytokens - http://www.securityfocus.com/infocus/1713

Blackhat SEO and maybe some whitehat SEO

SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/
SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html
SEOQuake (Firefox Add-on) - http://www.seoquake.com/

Footprinting for web application security

Evolution - http://www.paterva.com/evolution-e.html
GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/
Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/
Edge-Security tools - http://www.edge-security.com/soft.php
Fierce Domain Scanner - http://ha.ckers.org/fierce/
Googlegath - http://www.nothink.org/perl/googlegath/
Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/
Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/
CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/
BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/
TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/
DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/
Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/

Database security assessment

Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/

Browser Defenses

Browser Privacy

TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/
Privacy Bird - http://www.privacybird.com/

Application and protocol fuzzing (random instead of targeted)

Sulley - http://fuzzing.org/
taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/
zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/
autodafé: an act of software torture - http://autodafe.sourceforge.net/
EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html

@@ Line 3: / Line 3: @@
 ==LiveCDs==
-Monday, January 29, 2007  4:02 PM    828569600 AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/<br/ >
+Monday, January 29, 2007  4:02 PM    828569600 AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/<br />
-DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/<br/ >
+DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/<br />
 ==Test sites / testing grounds==
-SPI Dynamics (live) - http://zero.webappsecurity.com/<br/ >
+SPI Dynamics (live) - http://zero.webappsecurity.com/<br />
-Cenzic (live) - http://crackme.cenzic.com/<br/ >
+Cenzic (live) - http://crackme.cenzic.com/<br />
-Watchfire (live) - http://demo.testfire.net/<br/ >
+Watchfire (live) - http://demo.testfire.net/<br />
-Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com<br/ >
+Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com<br />
-WebMaven / Buggy Bank (includes live testsite) - http://www.mavensecurity.com/webmaven<br/ >
+WebMaven / Buggy Bank (includes live testsite) - http://www.mavensecurity.com/webmaven<br />
-Foundstone SASS tools - http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/s3i_tools.htm<br/ >
+Foundstone SASS tools - http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/s3i_tools.htm<br />
-OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project<br/ >
+OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project<br />
-OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator<br/ >
+OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator<br />
-Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/<br/ >
+Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/<br />
-SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/<br/ >
+SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/<br />
 ==HTTP proxying / editing==
-WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project<br/ >
+WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project<br />
-Burp - http://www.portswigger.net/<br/ >
+Burp - http://www.portswigger.net/<br />
-Paros - http://www.parosproxy.org/<br/ >
+Paros - http://www.parosproxy.org/<br />
-Fiddler - http://www.fiddlertool.com/<br/ >
+Fiddler - http://www.fiddlertool.com/<br />
-Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br/ >
+Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br />
-Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project<br/ >
+Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project<br />
-Suru - http://www.sensepost.com/research/suru/<br/ >
+Suru - http://www.sensepost.com/research/suru/<br />
-httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/<br/ >
+httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/<br />
-Charles - http://www.xk72.com/charles/<br/ >
+Charles - http://www.xk72.com/charles/<br />
-Odysseus - http://www.bindshell.net/tools/odysseus<br/ >
+Odysseus - http://www.bindshell.net/tools/odysseus<br />
-Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/<br/ >
+Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/<br />
-Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/<br/ >
+Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/<br />
-JS Commander - http://jscmd.rubyforge.org/<br/ >
+JS Commander - http://jscmd.rubyforge.org/<br />
 ==RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools==
-Wfuzz - http://www.edge-security.com/wfuzz.php<br/ >
+Wfuzz - http://www.edge-security.com/wfuzz.php<br />
-ProxMon - http://www.isecpartners.com/proxmon.html<br/ >
+ProxMon - http://www.isecpartners.com/proxmon.html<br />
-Wapiti - http://wapiti.sourceforge.net/<br/ >
+Wapiti - http://wapiti.sourceforge.net/<br />
-Grabber - http://rgaucher.info/beta/grabber/<br/ >
+Grabber - http://rgaucher.info/beta/grabber/<br />
-XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py<br/ >
+XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py<br />
-CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project<br/ >
+CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project<br />
-HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm<br/ >
+HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm<br />
-JBroFuzz - http://sourceforge.net/projects/jbrofuzz<br/ >
+JBroFuzz - http://sourceforge.net/projects/jbrofuzz<br />
-XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/<br/ >
+XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/<br />
-WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/<br/ >
+WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/<br />
-Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br/ >
+Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br />
-[TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz<br/ >
+[TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz<br />
-RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter<br/ >
+RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter<br />
-screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html<br/ >
+screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html<br />
-SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml<br/ >
+SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml<br />
-RFuzz - http://rfuzz.rubyforge.org/<br/ >
+RFuzz - http://rfuzz.rubyforge.org/<br />
-WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999<br/ >
+WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999<br />
-TestMaker - http://www.pushtotest.com/Docs/downloads/features.html<br/ >
+TestMaker - http://www.pushtotest.com/Docs/downloads/features.html<br />
-ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/<br/ >
+ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/<br />
-WSTool - http://wstool.sourceforge.net/<br/ >
+WSTool - http://wstool.sourceforge.net/<br />
-Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/<br/ >
+Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/<br />
-Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br/ >
+Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/<br />
-HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/<br/ >
+HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/<br />
-Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/<br/ >
+Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/<br />
-PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743<br/ >
+PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743<br />
 ==HTTP general testing / fingerprinting==
-Wbox: HTTP testing tool - http://hping.org/wbox/<br/ >
+Wbox: HTTP testing tool - http://hping.org/wbox/<br />
-ht://Check - http://htcheck.sourceforge.net/<br/ >
+ht://Check - http://htcheck.sourceforge.net/<br />
-Mumsie - http://www.lurhq.com/tools/mumsie.html<br/ >
+Mumsie - http://www.lurhq.com/tools/mumsie.html<br />
-WebInject - http://www.webinject.org/<br/ >
+WebInject - http://www.webinject.org/<br />
-Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/<br/ >
+Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/<br />
-JoeDog's Seige - http://www.joedog.org/JoeDog/Siege/<br/ >
+JoeDog's Seige - http://www.joedog.org/JoeDog/Siege/<br />
-OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/<br/ >
+OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/<br />
-Load-balancing detector - http://ge.mine.nu/lbd.html<br/ >
+Load-balancing detector - http://ge.mine.nu/lbd.html<br />
-HMAP - http://ujeni.murkyroc.com/hmap/<br/ >
+HMAP - http://ujeni.murkyroc.com/hmap/<br />
-Net-Square: httprint - http://net-square.com/httprint/<br/ >
+Net-Square: httprint - http://net-square.com/httprint/<br />
-Wpoison: http stress testing - http://wpoison.sourceforge.net/<br/ >
+Wpoison: http stress testing - http://wpoison.sourceforge.net/<br />
-Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml<br/ >
+Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml<br />
-hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/<br/ >
+hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/<br />
-rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp<br/ >
+rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp<br />
-Nikto - http://www.cirt.net/code/nikto.shtml<br/ >
+Nikto - http://www.cirt.net/code/nikto.shtml<br />
-twill - http://twill.idyll.org/<br/ >
+twill - http://twill.idyll.org/<br />
-DirBuster - http://www.sittinglittleduck.com/DirBuster/<br/ >
+DirBuster - http://www.sittinglittleduck.com/DirBuster/<br />
-[ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip<br/ >
+[ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip<br />
-[ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html<br/ >
+[ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html<br />
 ==Browser-based HTTP tampering / editing / replaying==
-TamperIE - http://www.bayden.com/Other/<br/ >
+TamperIE - http://www.bayden.com/Other/<br />
-isr-form - http://www.infobyte.com.ar/developments.html<br/ >
+isr-form - http://www.infobyte.com.ar/developments.html<br />
-Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/<br/ >
+Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/<br />
-Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/<br/ >
+Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/<br />
-UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/<br/ >
+UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/<br />
-TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/<br/ >
+TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/<br />
-DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/<br/ >
+DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/<br />
-LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/<br/ >
+LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/<br />
 ==Cookie editing / poisoning==
-[TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz<br/ >
+[TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz<br />
-Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/<br/ >
+Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/<br />
-CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/<br/ >
+CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/<br />
-CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/<br/ >
+CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/<br />
-CookieSpy - http://www.codeproject.com/shell/cookiespy.asp<br/ >
+CookieSpy - http://www.codeproject.com/shell/cookiespy.asp<br />
-Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx<br/ >
+Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx<br />
 ==Ajax and XHR scanning==
-Sahi - http://sahi.co.in/<br/ >
+Sahi - http://sahi.co.in/<br />
-scRUBYt - http://scrubyt.org/<br/ >
+scRUBYt - http://scrubyt.org/<br />
-jQuery - http://jquery.com/<br/ >
+jQuery - http://jquery.com/<br />
-jquery-include - http://www.gnucitizen.org/projects/jquery-include<br/ >
+jquery-include - http://www.gnucitizen.org/projects/jquery-include<br />
-Sprajax - http://www.denimgroup.com/sprajax.html<br/ >
+Sprajax - http://www.denimgroup.com/sprajax.html<br />
-Watir - http://wtr.rubyforge.org/<br/ >
+Watir - http://wtr.rubyforge.org/<br />
-Watij - http://watij.com/<br/ >
+Watij - http://watij.com/<br />
-Watin - http://watin.sourceforge.net/<br/ >
+Watin - http://watin.sourceforge.net/<br />
-RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/<br/ >
+RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/<br />
-SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin<br/ >
+SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin<br />
-Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/<br/ >
+Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/<br />
-Firebug Lite - http://www.getfirebug.com/lite.html<br/ >
+Firebug Lite - http://www.getfirebug.com/lite.html<br />
-firewaitr - http://code.google.com/p/firewatir/<br/ >
+firewaitr - http://code.google.com/p/firewatir/<br />
 ==RSS extensions and caching==
-LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/<br/ >
+LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/<br />
-rss-cache - http://www.dubfire.net/chris/projects/rss-cache/<br/ >
+rss-cache - http://www.dubfire.net/chris/projects/rss-cache/<br />
 ==SQL injection scanning==
-x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php<br/ >
+x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php<br />
-SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project<br/ >
+SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project<br />
-sqlninja: a SQL Server injection and takover tool - http://sqlninja.sourceforge.net/<br/ >
+sqlninja: a SQL Server injection and takover tool - http://sqlninja.sourceforge.net/<br />
-JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html<br/ >
+JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html<br />
-BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html<br/ >
+BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html<br />
-sqlmap - http://sqlmap.sourceforge.net/<br/ >
+sqlmap - http://sqlmap.sourceforge.net/<br />
-Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/<br/ >
+Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/<br />
-FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas<br/ >
+FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas<br />
-PRIAMOS - http://www.priamos-project.com/<br/ >
+PRIAMOS - http://www.priamos-project.com/<br />
 ==Web application security malware, backdoors, and evil code==
-W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/<br/ >
+W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/<br />
-Jikto - http://busin3ss.name/jikto-in-the-wild/<br/ >
+Jikto - http://busin3ss.name/jikto-in-the-wild/<br />
-XSS Shell - http://ferruh.mavituna.com/article/?1338<br/ >
+XSS Shell - http://ferruh.mavituna.com/article/?1338<br />
-XSS-Proxy - http://xss-proxy.sourceforge.net<br/ >
+XSS-Proxy - http://xss-proxy.sourceforge.net<br />
-AttackAPI - http://www.gnucitizen.org/projects/attackapi/<br/ >
+AttackAPI - http://www.gnucitizen.org/projects/attackapi/<br />
-FFsniFF - http://azurit.elbiahosting.sk/ffsniff/<br/ >
+FFsniFF - http://azurit.elbiahosting.sk/ffsniff/<br />
-HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/<br/ >
+HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/<br />
-BeEF - http://www.bindshell.net/tools/beef/<br/ >
+BeEF - http://www.bindshell.net/tools/beef/<br />
-Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/<br/ >
+Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/<br />
-What is my IP address? - http://reglos.de/myaddress/<br/ >
+What is my IP address? - http://reglos.de/myaddress/<br />
-xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm<br/ >
+xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm<br />
-SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/<br/ >
+SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/<br />
-Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval<br/ >
+Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval<br />
-Technika - http://www.gnucitizen.org/projects/technika/<br/ >
+Technika - http://www.gnucitizen.org/projects/technika/<br />
-Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet<br/ >
+Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet<br />
-MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/<br/ >
+MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/<br />
 ==Web application services that aid in web application security assessment==
-Netcraft - http://www.netcraft.net<br/ >
+Netcraft - http://www.netcraft.net<br />
-AboutURL - http://www.abouturl.com/<br/ >
+AboutURL - http://www.abouturl.com/<br />
-The Scrutinizer - http://www.scrutinizethis.com/<br/ >
+The Scrutinizer - http://www.scrutinizethis.com/<br />
-net.toolkit - http://clez.net/<br/ >
+net.toolkit - http://clez.net/<br />
-ServerSniff - http://www.serversniff.net/<br/ >
+ServerSniff - http://www.serversniff.net/<br />
-Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/<br/ >
+Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/<br />
-Webmaster-Toolkit - http://www.webmaster-toolkit.com/<br/ >
+Webmaster-Toolkit - http://www.webmaster-toolkit.com/<br />
-myIPNeighbbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address<br/ >
+myIPNeighbbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address<br />
-PHP charset encoding - http://h4k.in/encoding<br/ >
+PHP charset encoding - http://h4k.in/encoding<br />
-data: URL testcases - http://h4k.in/dataurl<br/ >
+data: URL testcases - http://h4k.in/dataurl<br />
 ==Browser-based security fuzzing / checking==
-Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi<br/ >
+Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi<br />
-hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/<br/ >
+hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/<br />
-Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/<br/ >
+Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/<br />
-TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html<br/ >
+TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html<br />
-PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html<br/ >
+PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html<br />
-COMRaider - http://labs.idefense.com<br/ >
+COMRaider - http://labs.idefense.com<br />
-bcheck - http://bcheck.scanit.be/bcheck/<br/ >
+bcheck - http://bcheck.scanit.be/bcheck/<br />
-Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects<br/ >
+Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects<br />
-LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp<br/ >
+LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp<br />
-BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/<br/ >
+BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/<br />
-Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php<br/ >
+Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php<br />
-Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7<br/ >
+Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7<br />
-Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html<br/ >
+Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html<br />
-Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm<br/ >
+Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm<br />
-Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/<br/ >
+Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/<br />
-Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/<br/ >
+Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/<br />
-Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324<br/ >
+Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324<br />
-About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/<br/ >
+About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/<br />
-Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1<br/ >
+Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1<br />
 ==PHP static analysis and file inclusion scanning==
-PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/<br/ >
+PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/<br />
 Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php
-<br/ >
+<br />
 FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25<br/>
-PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit<br/ >
+PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit<br />
 ==Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources==
-APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS<br/ >
+APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS<br />
-PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/<br/ >
+PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/<br />
-dotnetids - http://code.google.com/p/dotnetids/<br/ >
+dotnetids - http://code.google.com/p/dotnetids/<br />
-Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html<br/ >
+Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html<br />
-Remo: whitelist rule editor for mod_security - http://remo.netnea.com/<br/ >
+Remo: whitelist rule editor for mod_security - http://remo.netnea.com/<br />
-GotRoot: ModSecuirty rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules<br/ >
+GotRoot: ModSecuirty rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules<br />
-The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/<br/ >
+The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/<br />
-mod_security rules generator - http://noeljackson.com/tools/modsecurity/<br/ >
+mod_security rules generator - http://noeljackson.com/tools/modsecurity/<br />
-Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3<br/ >
+Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3<br />
-[TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz<br/ >
+[TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz<br />
-AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99<br/ >
+AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99<br />
-Akismet: blog spam defense - http://akismet.com/<br/ >
+Akismet: blog spam defense - http://akismet.com/<br />
-Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/<br/ >
+Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/<br />
 ==Web services enumeration / scanning / fuzzing==
-WebServiceStudio2.0 - http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=65a1d4ea-0f7a-41bd-8494-e916ebc4159c<br/ >
+WebServiceStudio2.0 - http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=65a1d4ea-0f7a-41bd-8494-e916ebc4159c<br />
-Net-square: wsChess - http://net-square.com/wschess/index.shtml<br/ >
+Net-square: wsChess - http://net-square.com/wschess/index.shtml<br />
-WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project<br/ >
+WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project<br />
-SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm<br/ >
+SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm<br />
-iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html<br/ >
+iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html<br />
 ==Web application non-specific static source-code analysis==
-Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/<br/ >
+Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/<br />
-Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1<br/ >
+Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1<br />
-Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project<br/ >
+Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project<br />
-An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/<br/ >
+An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/<br />
-A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html<br/ >
+A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html<br />
-A smaller, but also good list - http://spinroot.com/static/<br/ >
+A smaller, but also good list - http://spinroot.com/static/<br />
 ==Static analysis for C/C++ (CGI, ISAPI, etc) in web applications==
-RATS - http://www.securesoftware.com/resources/download_rats.html<br/ >
+RATS - http://www.securesoftware.com/resources/download_rats.html<br />
-ITS4 - http://www.cigital.com/its4/<br/ >
+ITS4 - http://www.cigital.com/its4/<br />
-FlawFinder - http://www.dwheeler.com/flawfinder/<br/ >
+FlawFinder - http://www.dwheeler.com/flawfinder/<br />
-Splint - http://www.splint.org/<br/ >
+Splint - http://www.splint.org/<br />
-Uno - http://spinroot.com/uno/<br/ >
+Uno - http://spinroot.com/uno/<br />
-BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net<br/ >
+BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net<br />
-Valgrind - http://www.valgrind.org/<br/ >
+Valgrind - http://www.valgrind.org/<br />
 ==Java static analysis, security frameworks, and web application security tools==
-HDIV Struts - http://hdiv.org/<br/ >
+HDIV Struts - http://hdiv.org/<br />
-Orizon - http://sourceforge.net/projects/orizon/<br/ >
+Orizon - http://sourceforge.net/projects/orizon/<br />
-FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/<br/ >
+FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/<br />
-PMD - http://pmd.sourceforge.net/<br/ >
+PMD - http://pmd.sourceforge.net/<br />
-CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/<br/ >
+CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/<br />
-EMMA - http://emma.sourceforge.net/<br/ >
+EMMA - http://emma.sourceforge.net/<br />
-JLint - http://jlint.sourceforge.net/<br/ >
+JLint - http://jlint.sourceforge.net/<br />
-Java PathFinder - http://javapathfinder.sourceforge.net/<br/ >
+Java PathFinder - http://javapathfinder.sourceforge.net/<br />
-Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/<br/ >
+Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/<br />
-Checkstyle - http://checkstyle.sourceforge.net/<br/ >
+Checkstyle - http://checkstyle.sourceforge.net/<br />
-Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver<br/ >
+Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver<br />
-tinapoc - http://sourceforge.net/projects/tinapoc<br/ >
+tinapoc - http://sourceforge.net/projects/tinapoc<br />
-jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html<br/ >
+jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html<br />
-Solex - http://solex.sourceforge.net/<br/ >
+Solex - http://solex.sourceforge.net/<br />
-Java Explorer - http://metal.hurlant.com/jexplore/<br/ >
+Java Explorer - http://metal.hurlant.com/jexplore/<br />
-HTTPClient - http://www.innovation.ch/java/HTTPClient/<br/ >
+HTTPClient - http://www.innovation.ch/java/HTTPClient/<br />
-another HttpClient - http://jakarta.apache.org/commons/httpclient/<br/ >
+another HttpClient - http://jakarta.apache.org/commons/httpclient/<br />
-a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html<br/ >
+a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html<br />
 ==Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET==
-Orcas - http://msdn.microsoft.com/vstudio/express/future/downloads/default.aspx<br/ >
+Orcas - http://msdn.microsoft.com/vstudio/express/future/downloads/default.aspx<br />
-Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx<br/ >
+Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx<br />
-FxCop - http://blogs.msdn.com/fxcop/ http://www.gotdotnet.com/team/fxcop/<br/ >
+FxCop - http://blogs.msdn.com/fxcop/ http://www.gotdotnet.com/team/fxcop/<br />
-Microsoft Application Verifier - http://www.microsoft.com/technet/prodtechnol/windows/appcompatibility/appverifier.mspx<br/ >
+Microsoft Application Verifier - http://www.microsoft.com/technet/prodtechnol/windows/appcompatibility/appverifier.mspx<br />
-Microsoft internal tools you can't have yet - http://www.microsoft.com/windows/cse/pa_projects.mspx http://research.microsoft.com/Pex/ http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf<br/ >
+Microsoft internal tools you can't have yet - http://www.microsoft.com/windows/cse/pa_projects.mspx http://research.microsoft.com/Pex/ http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf<br />
 ==Threat modeling==
-Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en<br/ >
+Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en<br />
-Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php<br/ >
+Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php<br />
-Octotrike - http://www.octotrike.org/<br/ >
+Octotrike - http://www.octotrike.org/<br />
 ==Add-ons for Firefox that help with general web application security==
-Web Developer Toolbar - https://addons.mozilla.org/firefox/60/<br/ >
+Web Developer Toolbar - https://addons.mozilla.org/firefox/60/<br />
-Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/<br/ >
+Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/<br />
-XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/<br/ >
+XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/<br />
-Public Fox - https://addons.mozilla.org/firefox/3911/<br/ >
+Public Fox - https://addons.mozilla.org/firefox/3911/<br />
-XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms<br/ >
+XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms<br />
-MR Tech Local Install - http://www.mrtech.com/extensions/local_install/<br/ >
+MR Tech Local Install - http://www.mrtech.com/extensions/local_install/<br />
-Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html<br/ >
+Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html<br />
-IE Tab - https://addons.mozilla.org/firefox/1419/<br/ >
+IE Tab - https://addons.mozilla.org/firefox/1419/<br />
-User-Agent Switcher - https://addons.mozilla.org/firefox/59/<br/ >
+User-Agent Switcher - https://addons.mozilla.org/firefox/59/<br />
-ServerSwitcher - https://addons.mozilla.org/firefox/2409/<br/ >
+ServerSwitcher - https://addons.mozilla.org/firefox/2409/<br />
-HeaderMonitor - https://addons.mozilla.org/firefox/575/<br/ >
+HeaderMonitor - https://addons.mozilla.org/firefox/575/<br />
-RefControl - https://addons.mozilla.org/firefox/953/<br/ >
+RefControl - https://addons.mozilla.org/firefox/953/<br />
-refspoof - https://addons.mozilla.org/firefox/667/<br/ >
+refspoof - https://addons.mozilla.org/firefox/667/<br />
-No-Referrer - https://addons.mozilla.org/firefox/1999/<br/ >
+No-Referrer - https://addons.mozilla.org/firefox/1999/<br />
-LocationBar^2 - https://addons.mozilla.org/firefox/4014/<br/ >
+LocationBar^2 - https://addons.mozilla.org/firefox/4014/<br />
-SpiderZilla - http://spiderzilla.mozdev.org/<br/ >
+SpiderZilla - http://spiderzilla.mozdev.org/<br />
-Slogger - https://addons.mozilla.org/en-US/firefox/addon/143<br/ >
+Slogger - https://addons.mozilla.org/en-US/firefox/addon/143<br />
-Fire Encrypter - https://addons.mozilla.org/firefox/3208/<br/ >
+Fire Encrypter - https://addons.mozilla.org/firefox/3208/<br />
 ==Add-ons for Firefox that help with Javascript and Ajax web application security==
-Selenium IDE - http://www.openqa.org/selenium-ide/<br/ >
+Selenium IDE - http://www.openqa.org/selenium-ide/<br />
-Firebug - http://www.joehewitt.com/software/firebug/<br/ >
+Firebug - http://www.joehewitt.com/software/firebug/<br />
-Venkman - http://www.mozilla.org/projects/venkman/<br/ >
+Venkman - http://www.mozilla.org/projects/venkman/<br />
-Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/<br/ >
+Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/<br />
-Greasemonkey - http://www.greasespot.net/<br/ >
+Greasemonkey - http://www.greasespot.net/<br />
-Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/<br/ >
+Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/<br />
-User script compiler - http://arantius.com/misc/greasemonkey/script-compiler<br/ >
+User script compiler - http://arantius.com/misc/greasemonkey/script-compiler<br />
-Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/<br/ >
+Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/<br />
-Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/<br/ >
+Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/<br />
 ==Bookmarklets that aid in web application security==
-RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html<br/ >
+RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html<br />
-BMlets - http://optools.awardspace.com/bmlet.html<br/ >
+BMlets - http://optools.awardspace.com/bmlet.html<br />
-Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/<br/ >
+Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/<br />
 Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide
-rich functionality - http://www.blummy.com/<br/ >
+rich functionality - http://www.blummy.com/<br />
-Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html<br/ >
+Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html<br />
-Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/<br/ >
+Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/<br />
-OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/<br/ >
+OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/<br />
 ==SSL certificate checking / scanning==
-[ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip<br/ >
+[ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip<br />
-[ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip<br/ >
+[ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip<br />
-Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/<br/ >
+Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/<br />
 ==Honeyclients, Web Application, and Web Proxy honeypots==
-Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/ <br/ >
+Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/ <br />
-HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/<br/ >
+HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/<br />
-Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/<br/ >
+Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/<br />
-Google Hack Honeypot - http://ghh.sourceforge.net/<br/ >
+Google Hack Honeypot - http://ghh.sourceforge.net/<br />
-PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/<br/ >
+PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/<br />
-SpyBye - http://www.monkey.org/~provos/spybye/<br/ >
+SpyBye - http://www.monkey.org/~provos/spybye/<br />
-Honeytokens - http://www.securityfocus.com/infocus/1713<br/ >
+Honeytokens - http://www.securityfocus.com/infocus/1713<br />
 ==Blackhat SEO and maybe some whitehat SEO==
-SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/<br/ >
+SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/<br />
-SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html<br/ >
+SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html<br />
-SEOQuake (Firefox Add-on) - http://www.seoquake.com/<br/ >
+SEOQuake (Firefox Add-on) - http://www.seoquake.com/<br />
 ==Footprinting for web application security==
-Evolution - http://www.paterva.com/evolution-e.html<br/ >
+Evolution - http://www.paterva.com/evolution-e.html<br />
-GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/<br/ >
+GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/<br />
-Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/<br/ >
+Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/<br />
-Edge-Security tools - http://www.edge-security.com/soft.php<br/ >
+Edge-Security tools - http://www.edge-security.com/soft.php<br />
-Fierce Domain Scanner - http://ha.ckers.org/fierce/<br/ >
+Fierce Domain Scanner - http://ha.ckers.org/fierce/<br />
-Googlegath - http://www.nothink.org/perl/googlegath/<br/ >
+Googlegath - http://www.nothink.org/perl/googlegath/<br />
-Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/<br/ >
+Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/<br />
-Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/<br/ >
+Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/<br />
-CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/<br/ >
+CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/<br />
-BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/<br/ >
+BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/<br />
-TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/<br/ >
+TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/<br />
-DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/<br/ >
+DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/<br />
-Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/<br/ >
+Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/<br />
 ==Database security assessment==
-Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/<br/ >
+Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/<br />
 ==Browser Defenses==
-DieHard - http://www.diehard-software.org/<br/ >
+DieHard - http://www.diehard-software.org/<br />
-LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/<br/ >
+LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/<br />
-NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/<br/ >
+NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/<br />
-Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo<br/ >
+Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo<br />
-FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/<br/ >
+FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/<br />
-CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497<br/ >
+CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497<br />
-NoScript (Firefox Add-on) - http://www.noscript.net/<br/ >
+NoScript (Firefox Add-on) - http://www.noscript.net/<br />
-FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/<br/ >
+FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/<br />
-Adblock (Firefox Add-on) - http://adblock.mozdev.org/<br/ >
+Adblock (Firefox Add-on) - http://adblock.mozdev.org/<br />
-httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html<br/ >
+httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html<br />
-SafeCache (Firefox Add-on) - http://www.safecache.com/<br/ >
+SafeCache (Firefox Add-on) - http://www.safecache.com/<br />
-SafeHistory (Firefox Add-on) - http://www.safehistory.com/<br/ >
+SafeHistory (Firefox Add-on) - http://www.safehistory.com/<br />
-PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/<br/ >
+PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/<br />
-All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/<br/ >
+All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/<br />
-QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/<br/ >
+QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/<br />
-Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/<br/ >
+Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/<br />
-FireKeeper - http://firekeeper.mozdev.org/<br/ >
+FireKeeper - http://firekeeper.mozdev.org/<br />
 ==Browser Privacy==
-TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/<br/ >
+TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/<br />
-Privacy Bird - http://www.privacybird.com/<br/ >
+Privacy Bird - http://www.privacybird.com/<br />
 ==Application and protocol fuzzing (random instead of targeted)==
-Sulley - http://fuzzing.org/<br/ >
+Sulley - http://fuzzing.org/<br />
-taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/<br/ >
+taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/<br />
-zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/<br/ >
+zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/<br />
-autodafé: an act of software torture - http://autodafe.sourceforge.net/<br/ >
+autodafé: an act of software torture - http://autodafe.sourceforge.net/<br />
-EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html<br/ >
+EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html<br />