http | Penetration Testing Tools

jSQL

February 18, 2014Vulnerability Analysis, Web Applicationsgui, http, https, vulnanalysis, webapps

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

mitmproxy

February 18, 2014Sniffing/Spoofinghttp, https, proxy, sniffing, spoofing

mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. Also shipped is mitmdump, the command-line version of mitmproxy, with the same functionality but without the frills.

Ncrack

February 18, 2014Password Attackshttp, https, passwords, smb

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients.

Paros

February 18, 2014Web Applicationsgui, http, https, infogathering, proxy, sniffing, webapps

A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.

phrasendrescher

February 18, 2014Password Attackshttp, mssql, passwords

phrasen|drescher (p|d) is a modular and multi processing pass phrase cracking tool. It comes with a number of plugins but a simple plugin API allows an easy development of new plugins.

plecost

February 18, 2014Web Applicationsenumeration, http, https, vulnanalysis, webapps

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin.

Powerfuzzer

February 18, 2014Vulnerability Analysis, Web Applicationsfuzzing, gui, http, vulnanalysis, webapps

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

ProxyStrike

February 18, 2014Web Applicationsenumeration, gui, http, https, proxy, sniffing, webapps

ProxyStrike is an active Web Application Proxy. It’s a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.

sqlmap

February 18, 2014Exploitation Tools, Vulnerability Analysis, Web Applicationsdatabase, db2, exploitation, http, mssql, mysql, oracle, postgresql, sqlite, vulnanalysis, webapps

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

SSLyze

February 18, 2014Information Gatheringhttp, infogathering, recon, ssl, webapps

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Tag: http

jSQL

mitmproxy

Ncrack

Paros

phrasendrescher

plecost

Powerfuzzer

ProxyStrike

sqlmap

SSLyze

Tools Categories

Recent Additions

Tag: http

Tools Categories

Recent Additions

Tag Cloud