Saturday, 1. October 2011
PowerFuzzer v1
Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and other

Download
http://narod.yandex.ru/disk/22405899001/powerfuzzer_v1_beta_patched_binary_installer_complete.exe


Squeeza - Linux
squeeza is a tool that helps exploit SQL injection vulnerabilities in broken web applications. Its functionality is split into creating data on the database (by executing commands, copying in files, issuing new SQL queries) and extracting that data through various channels (DNS, timing, HTTP error messages).

Download
http://www.sensepost.com/cms/resources/labs/tools/pentest/squeeza/squeeza-0.22.tar.gz


HP WebInspect
The HP application security solution includes tools for automating and managing application security testing, including static testing of source code in development and dynamic testing of applications running in QA or production. These tools enable you to protect your data, systems, and information from attack by building application security into development and then testing continuously for vulnerabilities. They also help you achieve and demonstrate compliance with government and industry regulations. Now part of the HP IT Performance Suite.

Download
https://download.hpsmartupdate.com/webinspect/WebInspectSetupPrereq.exe


Friday, 23. September 2011
PenTBox
PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems.
It is programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every system where Ruby works.

Download
http://www.pentbox.net/download-pentbox/


Sunday, 18. September 2011
WAVSEP 1.0.3
Project WAVSEP currently includes the following test cases:
Vulnerabilities:

Reflected XSS: 66 test cases, implemented in 64 JSP pages (GET & POST)
Error Based SQL Injection: 80 test cases, implemented in 76 JSP pages (GET & POST)
Blind SQL Injection: 46 test cases, implemented in 44 JSP pages (GET & POST)
Time Based SQL Injection: 10 test cases, implemented in 10 JSP pages (GET & POST)


False Positives:

7 different categories of false positive Reflected XSS vulnerabilities (GET & POST)
10 different categories of false positive SQL Injection vulnerabilities (GET & POST)


Download
http://code.google.com/p/wavsep/downloads/list


Thursday, 15. September 2011
Security Onion
The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.

Download
http://sourceforge.net/projects/security-onion/files/20110913/


Friday, 9. September 2011
XSSS - Scanning - Linux
Features

Crawl website
Detect forms and URLs with parameters
Fill in forms, alter parameters to include control characters
Scan web server response for our input

Download
http://www.sven.de/xsss/xsss-0.40b.tar.gz


Monday, 5. September 2011
BackBox Linux 2
The BackBox team is proud to announce the release of BackBox Linux 2. BackBox 2 features the following upstream components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8. BackBox is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It is designed to be fast and easy to use. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.

Download
http://www.backbox.org/content/download


Saturday, 3. September 2011
Vulnerability Master 1.0 - Scanner


Download
http://www.4shared.com/file/T-Fva57e/Vulnerability_Master_10.html?


Thursday, 1. September 2011
XCode Scanning tool
XCode SQLi/LFI/XSS and Webshell Scanning tool

XCode Exploit – Vulnerable & Webshell Scanner helps you gather dork links from Google. You can then check whether the results are vulnerable to SQL injection, LFI, and XSS. You can also hunt for webshells that have been uploaded.

Example

In dorks, add:

* /../../../../../../../../../../../../../../etc/passwd%00 "> alert("XSS Xcode Exploit Scanner detected")

Output

www.target.com?blabla.php?=1234: SQLi Vulnerable.

Download
http://www.ziddu.com/download/16226093/XCodeExploitScannerSept2011.zip.html
