https | Penetration Testing Tools

WebScarab

February 18, 2014Password Attacks, Sniffing/Spoofing, Web Applicationsfuzzing, gui, http, https, passwords, proxy, sniffing, webapps

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

Webshag

February 18, 2014Web Applicationsenumeration, gui, http, https, portscanning, webapps

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

Webshells

February 18, 2014Maintaining Accesshttp, https, postexploitation

A collection of webshells for ASP, ASPX, CFM, JSP, Perl, and PHP servers.

WebSlayer

February 18, 2014Web Applicationsfuzzing, gui, http, https, webapps

Webslayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts,files, etc), brute force GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.

WebSploit

February 18, 2014Web Applicationsenumeration, http, https, vulnanalysis, webapps

WebSploit Is an open source project for web application assessments.

WPScan

February 18, 2014Web Applicationshttp, https, vulnanalysis, webapps

WPScan Package Description WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Source: http://wpscan.org/ WPScan Homepage | Kali wpscan Repo Author: The WPScan Team License: Other Tools included in the wpscan package wpscan – WordPress vulnerability scanner root@kali:~# wpscan –help _______________________________________________________________ …

XSSer

February 18, 2014Web Applicationsgui, http, https, vulnanalysis, webapps

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

zaproxy

February 18, 2014Password Attacks, Sniffing/Spoofing, Web Applicationsfuzzing, gui, http, https, passwords, proxy, sniffing, vulnanalysis, webapps

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

DAVTest

February 16, 2014Web Applicationsexploitation, http, https, vulnanalysis, webapps

DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

Burp Suite

February 16, 2014Password Attacks, Sniffing/Spoofing, Web Applicationsfuzzing, gui, http, https, passwords, proxy, sniffing, vulnanalysis, webapps

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Tag: https

WebScarab

Webshag

Webshells

WebSlayer

WebSploit

WPScan

XSSer

zaproxy

DAVTest

Burp Suite

Tools Categories

Recent Additions

Tag: https

Tools Categories

Recent Additions

Tag Cloud