Projects

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting ... [More] from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. [Less]

The Dradis Framework

Dradis is an open source framework to enable effective information sharing, specially during security assessments. Our goals: Share the information effectively. Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems. Flexible: with a powerful and simple ... [More] extensions interface. Small and portable. You should be able to use it while on site (no outside connectivity). It should be OS independent (no two testers use the same OS). Some of the features: Platform independent Easy report generation: in Word, HTML, etc. Markup support for the notes: styles, images, links, etc. Integration with existing systems and tools: Burp Scanner, Metasploit, Nessus, NeXpose, Nikto, Nmap, OpenVAS, OSVDB, SureCheck, Vuln::DB, w3af, wXf [Less]

ThreadFix

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and ... [More] applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts. [Less]

Panoptic

Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability.