The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to ...
Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.
WebSpidah is a tactical WASS (Web Application Security Scanner) written in PHP. It has an interactive shell as a user interface, much like the MSF, and a modularized, XML-based, vulnerability recon system. WebSpidah is released under the GPL license.
WebAppTools is a suite of programs and a knowledge base for vulnerability analysis of the implementations and customizations of web applications and web servers. The suite is intended for inventory and security assessment of various (heterogeneous) web applications. The ...
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. ...
This experimental admin tool for the content management systems WebsiteBaker or LEPTON CMS enables you to view the Bot-Trap log files, which are created by a special file of the Bot-Trap Project.
fimap is a little Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It's currently under heavy development but it's usable. ...