|
untidy
|
|
Hits: 13 |
|
Date added: 11/08/2007 |
|
untidy is a XML fuzzer. It takes an XML as input and generates a set of modified, potentially invalid XMLs based on the input. |
|
|
|
|
|
WSFuzzer
|
|
Hits: 39 |
|
Date added: 10/25/2007 |
|
The program currently targets Web Services. In the current version HTTP based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is NOT meant to be a replacement for solid manual human analysis, AAMOF we are conceptually against that. Please view WSFuzzer as a tool to augment analysis performed by competent and knowledgeable professionals. Web Services are not trivial in nature so expertise in this area is a must for proper pen testing.
Some of the features of WSFuzzer are:
‡ Attacks a web service based on either valid WSDL, a valid endpoint namespace, or it can try to intelligently detect WSDL for a given target. As of version 1.6 WSFuzzer includes a simple TCP port scanner.
‡ It gives you the ability to handle methods with multiple parameters. Each parameter is handled as a unique entity and can either be attacked or left alone. As of version 1.8.1 this was taken one step further, there are now 2 modes of attacking parameters. The traditional mode is unchanged and is now called individual mode due to the fact that each param is fuzzed individually. The new mode is simultaneous and attacks multiple parameters simultaneously with a given data set. See the usage examples below for more info.
‡ The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method specific attacks including automated XXE and WSSE attack generation.
‡ The tool provides the option of using some IDS Evasion techniques which makes for a powerful security infrastructure (IDS/IPS) testing experience.
‡ A time measurement of each round trip between request and response is now provided to aid in results analysis.
To learn how to use go to: http://www.neurofuzz.com/modules/software/wsfuzzer.php
|
|
|
|
|
|
Web Server Retriever
hot!
|
|
Hits: 112 |
|
Date added: 09/14/2007 |
|
This tool will give you the web servers Type and version. Also IP will be collected. Nice Footprinting Tool for web security. |
|
|
|
|
|
|
XSSshell-xsstunnell
|
|
Hits: 38 |
|
Date added: 08/08/2007 |
|
XSS Tunneling is the tunneling of HTTP traffic through an opened XSS Channel. Thus any application with HTTP proxy support can tunnel its traffic through an XSS Channel (a channel opened by a tool like XSS Shell). White paper is explaining XSS Tunneling, benefits, real worlds examples and basic usage of XSS Tunnel (a local HTTP proxy for tunneling) tool. |
|
|
|
|
|
|
Pixy
hot!
|
|
Hits: 81 |
|
Date added: 06/23/2007 |
|
An Open-Source Vulnerability Scanner for PHP Applications. The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source vulnerability scanner. Here are some of the highlights:
* Detection of SQL injection and XSS vulnerabilities in PHP source code
* Automatic resolution of file inclusions
* Computation of dependence graphs that help you understand the causes of reported vulnerabilities
* Static analysis engine (flow-sensitive, interprocedural, context-sensitive)
* Platform-independent written in Java.
|
|
|
|
