Security related Tools.
Here you can find useful scripts, tools and security-related apps created by WebSec.org. Most of these tools are written in Perl. Why? Because coding in Perl is fast and OS-independent, and CPAN helps a lot in avoiding reinventing the wheel. Many of these functions will be part of our new web-application testing environment "Blade". This system will be developed in Java.
| Name/Link | Description |
|---|---|
| Desperado-Stresstester | webserver-stresstester and vulnerability-seeker. used with the right config-file (Simple Example HERE) it helps you to reduce test-time. desperado is a tool which helps you find NEW vulnerabilities within your web-applications. (README file HERE) |
| formatter.pl (alpha) | perl script for creating formatstring-exploits "on the fly" |
| formbrute.pl | perl script for brute-force tests against form-based authentication systems. works pretty well :-) |
| getraw.pl | perl script for raw HTTP-requests. for those who can't run netcat (this one is pretty old). |
| cscan.pl | short script to perform default cgi-scans. it supports proxy-servers and makes use of |
| coptions.pl | an old parameter- and backdoor-brute force script. |
| forms.pl | analyze forms and form-fields with this script. simple but very useful!! |
| xssproxy.pl | mini perl-proxy designed for http-header injection (cookie theft !!) |
| ftpbrute.pl | check your ftp-service for weak passwords (perl-script) |
| basicbrute.pl | perform brute-force attacks against Basic-Authentication (perl-script) |
| digestbrute.pl | perform brute-force attacks against Digest-Authentication (perl-script) |
| apacheharvest.pl | this small script "harvests" valid usernames from a misconfigured apache-webserver. uses a word-list. |
| iisremote.pl | tries to assess IIS < 6 configuration remotely. this can be very helpful combined with a list of all/possible folders/directories of an IIS-server. |
| spider.pl | very small but useful crawler. follows any type of link but JS. can be very useful to create pseudo-sitemaps for further examination (backup, upload and other checks !!!) |
| imapbrute.pl | simple IMAP brute-forcer. |
| extensions.pl | checks given sitemap-file with given extensions-file (example HERE). |
| putter.pl | does HTTP PUT requests to a given list of urls (directories). does not support proxies and ssl yet. very helpful for IIS-tests. should be used after sitemap-creation. |
| netcraft.pl | just a simple "shortcut" to www.netcraft.com |
| unicode.pl | helps you to brute-force URLs with Unicode characters against several webservers (IIS for example) |
| hotc.pl | is a neat "brute-force" hotmail account "cracker" |
| Blade (Jar-file) | WebApp SecAudit-tool (alpha delayed) |