Gui | Penetration Testing Tools

Uniscan

February 18, 2014portsWeb Applicationsgui, http, https, vulnanalysis, webapps

Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Vega

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, infogathering, vulnanalysis, webapps

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java.

w3af

February 18, 2014portsWeb Applicationsenumeration, exploitation, gui, http, https, vulnanalysis, webapps

w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a graphical user interface (GUI) for the framework.

WebScarab

February 18, 2014portsPassword Attacks, Sniffing/Spoofing, Web Applicationsfuzzing, gui, http, https, passwords, proxy, sniffing, webapps

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

Webshag

February 18, 2014portsWeb Applicationsenumeration, gui, http, https, portscanning, webapps

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

WebSlayer

February 18, 2014portsWeb Applicationsfuzzing, gui, http, https, webapps

Webslayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts,files, etc), brute force GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.

XSSer

February 18, 2014portsWeb Applicationsgui, http, https, vulnanalysis, webapps

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Yersinia

February 18, 2014portsExploitation Tools, Sniffing/Spoofing, Vulnerability Analysisexploitation, gui, sniffing, spoofing, vulnanalysis

Yersinia is a framework for performing layer 2 attacks. It is designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.