• Web安全工具大汇聚


    http://www.owasp.org/index.PHP/Phoenix/Tools

    http://sebug.net/paper/other/Web安全工具大汇聚.txt





    =========================
    LiveCDs


    Monday, January 29, 2007 4:02 PM 828569600 AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/
    DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/


    Test sites / testing grounds


    SPI Dynamics (live) - http://zero.webappsecurity.com/
    Cenzic (live) - http://crackme.cenzic.com/
    Watchfire (live) - http://demo.testfire.net/
    Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com
    WebMaven / Buggy Bank - http://www.mavensecurity.com/webmaven
    Foundstone SASS tools - http://www.foundstone.com/us/resources-free-tools.asp
    Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
    OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project
    OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator
    Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/
    SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/


    HTTP proxying / editing


    WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
    Burp - http://www.portswigger.net/
    Paros - http://www.parosproxy.org/
    Fiddler - http://www.fiddlertool.com/
    Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
    Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
    Suru - http://www.sensepost.com/research/suru/
    httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/
    Charles - http://www.xk72.com/charles/
    Odysseus - http://www.bindshell.net/tools/odysseus
    Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/
    Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/
    JS Commander - http://jscmd.rubyforge.org/
    Ratproxy - http://code.google.com/p/ratproxy/


    RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools


    Wfuzz - http://www.edge-security.com/wfuzz.php
    ProxMon - http://www.isecpartners.com/proxmon.html
    Wapiti - http://wapiti.sourceforge.net/
    Grabber - http://rgaucher.info/beta/grabber/
    XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py
    CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
    HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
    JBroFuzz - http://sourceforge.net/projects/jbrofuzz
    XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/
    WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/
    Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
    [TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
    RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter
    screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html
    SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml
    RFuzz - http://rfuzz.rubyforge.org/
    WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999
    TestMaker - http://www.pushtotest.com/Docs/downloads/features.html
    ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/
    WSTool - http://wstool.sourceforge.net/
    Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/
    Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
    HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/
    Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/
    PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743


    HTTP general testing / fingerprinting


    Wbox: HTTP testing tool - http://hping.org/wbox/
    ht://Check - http://htcheck.sourceforge.net/
    Mumsie - http://www.lurhq.com/tools/mumsie.html
    WebInject - http://www.webinject.org/
    Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/
    JoeDog's Seige - http://www.joedog.org/JoeDog/Siege/
    OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/
    Load-balancing detector - http://ge.mine.nu/lbd.html
    HMAP - http://ujeni.murkyroc.com/hmap/
    Net-Square: httprint - http://net-square.com/httprint/
    Wpoison: http stress testing - http://wpoison.sourceforge.net/
    Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml
    hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/
    rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp
    Nikto - http://www.cirt.net/code/nikto.shtml
    twill - http://twill.idyll.org/
    DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
    [ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip
    [ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html
    HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled - http://sf.net/projects/hackfox


    Browser-based HTTP tampering / editing / replaying


    TamperIE - http://www.bayden.com/Other/
    isr-form - http://www.infobyte.com.ar/developments.html
    Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/
    Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/
    UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/
    TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/
    DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/
    LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/


    Cookie editing / poisoning


    [TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz
    Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/
    CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/
    CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/
    CookieSpy - http://www.codeproject.com/shell/cookiespy.asp
    Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx


    Ajax and XHR scanning


    Sahi - http://sahi.co.in/
    scRUBYt - http://scrubyt.org/
    jQuery - http://jquery.com/
    jquery-include - http://www.gnucitizen.org/projects/jquery-include
    Sprajax - http://www.denimgroup.com/sprajax.html
    Watir - http://wtr.rubyforge.org/
    Watij - http://watij.com/
    Watin - http://watin.sourceforge.net/
    RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/
    SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
    Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/
    Firebug Lite - http://www.getfirebug.com/lite.html
    firewaitr - http://code.google.com/p/firewatir/


    RSS extensions and caching


    LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/
    rss-cache - http://www.dubfire.net/chris/projects/rss-cache/


    SQL injection scanning


    0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php
    SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
    sqlninja: a SQL Server injection and takover tool - http://sqlninja.sourceforge.net/
    JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html
    BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
    sqlmap - http://sqlmap.sourceforge.net/
    Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/
    FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas
    PRIAMOS - http://www.priamos-project.com/


    Web application security malware, backdoors, and evil code


    W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/
    Jikto - http://busin3ss.name/jikto-in-the-wild/
    XSS Shell - http://ferruh.mavituna.com/article/?1338
    XSS-Proxy - http://xss-proxy.sourceforge.net
    AttackAPI - http://www.gnucitizen.org/projects/attackapi/
    FFsniFF - http://azurit.elbiahosting.sk/ffsniff/
    HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/
    BeEF - http://www.bindshell.net/tools/beef/
    Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/
    What is my IP address? - http://reglos.de/myaddress/
    xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm
    SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/
    Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval
    Technika - http://www.gnucitizen.org/projects/technika/
    Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
    MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/


    Web application services that aid in web application security assessment


    Netcraft - http://www.netcraft.net
    AboutURL - http://www.abouturl.com/
    The Scrutinizer - http://www.scrutinizethis.com/
    net.toolkit - http://clez.net/
    ServerSniff - http://www.serversniff.net/
    Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/
    Webmaster-Toolkit - http://www.webmaster-toolkit.com/
    myIPNeighbbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
    PHP charset encoding - http://h4k.in/encoding
    data: URL testcases - http://h4k.in/dataurl


    Browser-based security fuzzing / checking


    Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi
    hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/
    Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/
    TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html
    PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
    COMRaider - http://labs.idefense.com
    bcheck - http://bcheck.scanit.be/bcheck/
    Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects
    LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp
    BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/
    Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php
    Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7
    Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html
    Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm
    Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/
    Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/
    Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324
    About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/
    Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1
    WebPageFingerprint - Light-weight Greasemonkey Fuzzer - http://userscripts.org/scripts/show/30285


    PHP static analysis and file inclusion scanning


    PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/
    Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php
    FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25
    PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit


    PHP Defensive Tools


    PHPInfoSec - Check phpinfo configuration for security - http://phpsec.org/projects/phpsecinfo/


    A Greasemonkey Replacement can be found at http://yehg.net/lab/#tools.greasemonkey
    Php-Brute-Force-Attack Detector - Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip
    PHP-Login-Info-Checker - Strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It has also built-in smoke test page via url loginfo_checker.php?testlic


    http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip


    http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip
    php-DDOS-Shield - A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/
    PHPMySpamFIGHTER - http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar


    Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources


    APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS
    PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/
    dotnetids - http://code.google.com/p/dotnetids/
    Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html
    Remo: whitelist rule editor for mod_security - http://remo.netnea.com/
    GotRoot: ModSecuirty rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules
    The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/
    mod_security rules generator - http://noeljackson.com/tools/modsecurity/
    Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3
    [TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
    AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99
    Akismet: blog spam defense - http://akismet.com/
    Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/


    Web services enumeration / scanning / fuzzing


    WebServiceStudio2.0 - http://www.codeplex.com/WebserviceStudio
    Net-square: wsChess - http://net-square.com/wschess/index.shtml
    WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
    SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
    iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html


    Web application non-specific static source-code analysis


    Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/
    Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1
    Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
    An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/
    A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html
    A smaller, but also good list - http://spinroot.com/static/
    Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/


    Static analysis for C/C++ (CGI, ISAPI, etc) in web applications


    RATS - http://www.securesoftware.com/resources/download_rats.html
    ITS4 - http://www.cigital.com/its4/
    FlawFinder - http://www.dwheeler.com/flawfinder/
    Splint - http://www.splint.org/
    Uno - http://spinroot.com/uno/
    BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net
    Valgrind - http://www.valgrind.org/


    Java static analysis, security frameworks, and web application security tools


    LAPSE - http://suif.stanford.edu/~livshits/work/lapse/
    HDIV Struts - http://hdiv.org/
    Orizon - http://sourceforge.net/projects/orizon/
    FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/
    PMD - http://pmd.sourceforge.net/
    CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/
    EMMA - http://emma.sourceforge.net/
    JLint - http://jlint.sourceforge.net/
    Java PathFinder - http://javapathfinder.sourceforge.net/
    Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/
    Checkstyle - http://checkstyle.sourceforge.net/
    Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver
    tinapoc - http://sourceforge.net/projects/tinapoc
    jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
    Solex - http://solex.sourceforge.net/
    Java Explorer - http://metal.hurlant.com/jexplore/
    HTTPClient - http://www.innovation.ch/java/HTTPClient/
    another HttpClient - http://jakarta.apache.org/commons/httpclient/
    a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html


    Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET


        * Visual Studio 2008 Code Analysis, available in:
              o VSTS 2008 Development Edition (http://msdn.microsoft.com/vsts2008/products/bb933752.aspx) and
              o VSTS 2008 Team Suite (http://msdn.microsoft.com/vsts2008/products/bb933735.aspx)
        * Visual Studio 2005 Code Analyzer, available in:
              o Visual Studio 2005 Team Edition for Software Developers (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
              o Visual Studio 2005 Team Suite (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)
        * Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx
        * FxCop:
              o (blog) http://blogs.msdn.com/fxcop/
              o (download) http://code.msdn.microsoft.com/codeanalysis
        * Microsoft internal tools you can't have yet:
              o http://www.microsoft.com/windows/cse/pa_projects.mspx
              o http://research.microsoft.com/Pex/
              o http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf


    Threat modeling


    Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
    Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php
    Octotrike - http://www.octotrike.org/


    Add-ons for Firefox that help with general web application security


    Web Developer Toolbar - https://addons.mozilla.org/firefox/60/
    Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/
    XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/
    Public Fox - https://addons.mozilla.org/firefox/3911/
    XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms
    MR Tech Local Install - http://www.mrtech.com/extensions/local_install/
    Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html
    IE Tab - https://addons.mozilla.org/firefox/1419/
    User-Agent Switcher - https://addons.mozilla.org/firefox/59/
    ServerSwitcher - https://addons.mozilla.org/firefox/2409/
    HeaderMonitor - https://addons.mozilla.org/firefox/575/
    RefControl - https://addons.mozilla.org/firefox/953/
    refspoof - https://addons.mozilla.org/firefox/667/
    No-Referrer - https://addons.mozilla.org/firefox/1999/
    LocationBar^2 - https://addons.mozilla.org/firefox/4014/
    SpiderZilla - http://spiderzilla.mozdev.org/
    Slogger - https://addons.mozilla.org/en-US/firefox/addon/143
    Fire Encrypter - https://addons.mozilla.org/firefox/3208/


    Add-ons for Firefox that help with Javascript and Ajax web application security


    Selenium IDE - http://www.openqa.org/selenium-ide/
    Firebug - http://www.joehewitt.com/software/firebug/
    Venkman - http://www.mozilla.org/projects/venkman/
    Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/
    Greasemonkey - http://www.greasespot.net/
    Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/
    User script compiler - http://arantius.com/misc/greasemonkey/script-compiler
    Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/
    Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/


    Bookmarklets that aid in web application security


    RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html
    BMlets - http://optools.awardspace.com/bmlet.html
    Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/
    Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - http://www.blummy.com/
    Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html
    Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/
    OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/


    SSL certificate checking / scanning


    [ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip
    [ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
    Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/


    Honeyclients, Web Application, and Web Proxy honeypots


    Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/
    HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/
    Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/
    Google Hack Honeypot - http://ghh.sourceforge.net/
    PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/
    SpyBye - http://www.monkey.org/~provos/spybye/
    Honeytokens - http://www.securityfocus.com/infocus/1713


    Blackhat SEO and maybe some whitehat SEO


    SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/
    SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html
    SEOQuake (Firefox Add-on) - http://www.seoquake.com/


    Footprinting for web application security


    Evolution - http://www.paterva.com/evolution-e.html
    GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/
    Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/
    Edge-Security tools - http://www.edge-security.com/soft.php
    Fierce Domain Scanner - http://ha.ckers.org/fierce/
    Googlegath - http://www.nothink.org/perl/googlegath/
    Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/
    Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/
    CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/
    BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/
    TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/
    DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/
    Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/


    Database security assessment


    Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/


    Browser Defenses


    DieHard - http://www.diehard-software.org/
    LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/
    NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/
    Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo
    FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/
    CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497
    NoScript (Firefox Add-on) - http://www.noscript.net/
    FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/
    Adblock (Firefox Add-on) - http://adblock.mozdev.org/
    httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html
    SafeCache (Firefox Add-on) - http://www.safecache.com/
    SafeHistory (Firefox Add-on) - http://www.safehistory.com/
    PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/
    All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/
    QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/
    Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/
    FireKeeper - http://firekeeper.mozdev.org/
    Greasemonkey: XSS Malware Script Detector - http://yehg.net/lab/#tools.greasemonkey


    Browser Privacy


    TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/
    Privacy Bird - http://www.privacybird.com/


    Application and protocol fuzzing (random instead of targeted)


    Sulley - http://fuzzing.org/
    taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/
    zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/
    autodaf¨¦: an act of software torture - http://autodafe.sourceforge.net/
    EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html

  • 相关阅读:
    HDU 1312 Red and Black DFS(深度优先搜索) 和 BFS(广度优先搜索)
    HDU 1241 Oil Deposits DFS(深度优先搜索) 和 BFS(广度优先搜索)
    邮件推广工具
    aix-syslog
    能量点
    知识picture
    C中运算符
    stdio.h头文件中申明的基本函数
    字符串
    指针字符串
  • 原文地址:https://www.cnblogs.com/dhcn/p/7105405.html
Copyright © 2020-2023  润新知