API tools faq
paste
Advertisement
Drvirus1911

Web Penetration Testing Arsenal

Drvirus1911
Sep 6th, 2017
4,403
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.69 KB | None | 0 0
raw download clone embed print report
  1. Test sites / testing grounds
  2.  
  3. 1. http://zero.webappsecurity.com/
  4. 2. http://crackme.cenzic.com/
  5. 3. http://demo.testfire.net/
  6. 4. http://testphp.acunetix.com/
  7. 5. http://testasp.acunetix.com/
  8. 6. http://testaspnet.acunetix.com/
  9. 7. http://www.mavensecurity.com/webmaven
  10. 8. http://www.foundstone.com/us/resources-free-tools.asp
  11. 9. http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
  12. 10. http://www.owasp.org/index.php/OWASP_WebGoat_Project
  13. 11. http://www.owasp.org/index.php/Owasp_SiteGenerator
  14. 12. http://suif.stanford.edu/~livshits/securibench/
  15. 13. http://suif.stanford.edu/~livshits/work/securibench-micro/
  16.  
  17. HTTP proxying / editing
  18.  
  19. 14. http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
  20. 15. http://www.portswigger.net/
  21. 16. http://www.parosproxy.org/
  22. 17. http://www.fiddlertool.com/
  23. 18. http://www.microsoft.com/mspress/companion/0-7356-2187-X/
  24. 19. http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
  25. 20. http://www.sensepost.com/research/suru/
  26. 21. http://www.neutralbit.com/en/rd/httpedit/
  27. 22. http://www.xk72.com/charles/
  28. 23. http://www.bindshell.net/tools/odysseus
  29. 24. http://www.corsaire.com/downloads/
  30. 25. http://examples.oreilly.com/networkst/
  31. 26. http://jscmd.rubyforge.org/
  32. 27. http://code.google.com/p/ratproxy/
  33.  
  34. RSnake’s XSS cheat sheet based-tools, webapp fuzzing, and encoding tools
  35.  
  36. 28. http://www.edge-security.com/wfuzz.php
  37. 29. http://www.isecpartners.com/proxmon.html
  38. 30. http://wapiti.sourceforge.net/
  39. 31. http://rgaucher.info/beta/grabber/
  40. 32. http://darkcode.ath.cx/scanners/XSSscan.py
  41. 33. http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
  42. 34. http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
  43. 35. http://sourceforge.net/projects/jbrofuzz
  44. 36. http://ha.ckers.org/blog/20060921/xssfuzz-released/
  45. 37. http://www.microsoft.com/mspress/companion/0-7356-2187-X/
  46. 38. http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
  47. 39. http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer:-Test-your-regular-expression-filter
  48. 40. http://www.dachb0den.com/projects/screamingcobra.html
  49. 41. http://immunitysec.com/resources-freesoftware.shtml
  50. 42. http://rfuzz.rubyforge.org/
  51. 43. http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999
  52. 44. http://www.pushtotest.com/Docs/downloads/features.html
  53. 45. http://michaeldaw.org/projects/asp-auditor-v2/
  54. 46. http://wstool.sourceforge.net/
  55. 47. http://ussysadmin.com/whcc/
  56. 48. http://www.microsoft.com/mspress/companion/0-7356-2187-X/
  57. 49. https://addons.mozilla.org/firefox/3899/
  58. 50. http://www.net-force.nl/library/downloads/
  59. 51. http://userscripts.org/scripts/show/743
  60.  
  61. HTTP general testing / fingerprinting
  62.  
  63. 52. http://hping.org/wbox/
  64. 53. http://htcheck.sourceforge.net/
  65. 54. http://www.lurhq.com/tools/mumsie.html
  66. 55. http://www.webinject.org/
  67. 56. http://stein.cshl.org/~lstein/torture/
  68. 57. http://www.joedog.org/JoeDog/Siege/
  69. 58. http://www.open-labs.org/
  70. 59. http://ge.mine.nu/lbd.html
  71. 60. http://ujeni.murkyroc.com/hmap/
  72. 61. http://net-square.com/httprint/
  73. 62. http://wpoison.sourceforge.net/
  74. 63. http://net-square.com/msnpawn/index.shtml
  75. 64. http://druid.caughq.org/projects/hcraft/
  76. 65. http://www.wiretrip.net/rfp/lw.asp
  77. 66. http://www.cirt.net/code/nikto.shtml
  78. 67. http://twill.idyll.org/
  79. 68. http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
  80. 69. http://security-net.biz/files/dff/DFF.zip
  81. 70. http://packetstormsecurity.org/web/elza-1.4.7-beta.zip
  82. 71. http://www.stoev.org/elza.html
  83. 72. http://sf.net/projects/hackfox
  84.  
  85. Browser-based HTTP tampering / editing / replaying
  86.  
  87. 73. http://www.bayden.com/Other/
  88. 74. http://www.infobyte.com.ar/developments.html
  89. 75. http://modifyheaders.mozdev.org/
  90. 76. http://tamperdata.mozdev.org/
  91. 77. https://addons.mozilla.org/en-US/firefox/addon/1290/
  92. 78. https://addons.mozilla.org/en-US/firefox/addon/1385/
  93. 79. https://addons.mozilla.org/en-US/firefox/addon/1806/
  94. 80. https://addons.mozilla.org/en-US/firefox/addon/1913/
  95. 81. http://livehttpheaders.mozdev.org/
  96.  
  97. Cookie editing / poisoning
  98.  
  99. 82. https://addons.mozilla.org/en-US/firefox/addon/575/
  100. 83. http://lcamtuf.coredump.cx/stompy.tgz
  101. 84. http://addneditcookies.mozdev.org/
  102. 85. http://cookieculler.mozdev.org/
  103. 86. http://www.nektra.com/oss/firefox/extensions/cookiepie/
  104. 87. http://www.codeproject.com/shell/cookiespy.asp
  105. 88. http://www.dutchduck.com/Features/Cookies.aspx
  106.  
  107. Ajax and XHR scanning
  108.  
  109. 89. http://sahi.co.in/
  110. 90. http://scrubyt.org/
  111. 91. http://jquery.com/
  112. 92. http://www.gnucitizen.org/projects/jquery-include
  113. 93. http://www.denimgroup.com/sprajax.html
  114. 94. http://wtr.rubyforge.org/
  115. 95. http://watij.com/
  116. 96. http://watin.sourceforge.net/
  117. 97. http://idontsmoke.co.uk/2005/rbnarcissus/
  118. 98. http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
  119. 99. http://jasildbg.googlepages.com/
  120. 100. http://www.getfirebug.com/lite.html
  121. 101. http://code.google.com/p/firewatir/
  122.  
  123. RSS extensions and caching
  124.  
  125. 102. https://addons.mozilla.org/en-US/firefox/addon/324/
  126. 103. http://www.dubfire.net/chris/projects/rss-cache/
  127.  
  128. SQL injection scanning
  129.  
  130. 104. http://0x90.org/releases.php
  131. 105. http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
  132. 106. http://sqlninja.sourceforge.net/
  133. 107. http://www.justinclarke.com/archives/2006/03/sqlbrute.html
  134. 108. http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
  135. 109. http://sqlmap.sourceforge.net/
  136. 110. http://www.sensepost.com/research/scully/
  137. 111. http://www.flowgate.net/?lang=en&seccion=herramientas
  138. 112. http://www.priamos-project.com/
  139.  
  140. Web application security malware, backdoors, and evil code
  141.  
  142. 113. http://w3af.sourceforge.net/
  143. 114. http://busin3ss.name/jikto-in-the-wild/
  144. 115. http://ferruh.mavituna.com/article/?1338
  145. 116. http://xss-proxy.sourceforge.net/
  146. 117. http://www.gnucitizen.org/projects/attackapi/
  147. 118. http://azurit.elbiahosting.sk/ffsniff/
  148. 119. http://honeyblog.org/junkyard/web-based/
  149. 120. http://www.bindshell.net/tools/beef/
  150. 121. http://www.gnucitizen.org/projects/fex/
  151. 122. http://reglos.de/myaddress/
  152. 123. http://www.botmaster.net/movies/XFull.htm
  153. 124. http://www.merchantos.com/makebeta/tools/spyjax/
  154. 125. http://www.gnucitizen.org/projects/greasecarnaval
  155. 126. http://www.gnucitizen.org/projects/technika/
  156. 127. http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
  157. 128. http://michaeldaw.org/my-projects/
  158.  
  159. Web application services that aid in web application security assessment
  160.  
  161. 129. http://www.netcraft.net/
  162. 130. http://www.abouturl.com/
  163. 131. http://www.scrutinizethis.com/
  164. 132. http://clez.net/
  165. 133. http://www.serversniff.net/
  166. 134. http://www.greymagic.com/security/tools/decoder/
  167. 135. http://www.webmaster-toolkit.com/
  168. 136. http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
  169. 137. http://h4k.in/encoding
  170. 138. http://h4k.in/dataurl
  171.  
  172. Browser-based security fuzzing / checking
  173.  
  174. 139. http://lcamtuf.coredump.cx/mangleme/mangle.cgi
  175. 140. http://metasploit.com/users/hdm/tools/
  176. 141. http://peachfuzz.sourceforge.net/
  177. 142. http://research.eeye.com/html/tools/RT20060801-3.html
  178. 143. http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
  179. 144. http://labs.idefense.com/
  180. 145. http://bcheck.scanit.be/bcheck/
  181. 146. http://www.indiana.edu/~phishing/?projects
  182. 147. http://linkscanner.explabs.com/linkscanner/default.asp
  183. 148. http://www.heise-security.co.uk/services/browsercheck/
  184. 149. http://www.jungsonnstudios.com/cool.php
  185. 150. http://www.jumperz.net/index.php?i=2&a=1&b=7
  186. 151. http://ha.ckers.org/weird/javascript-website-login-checker.html
  187. 152. http://www.iol.ie/~locka/mozilla/mozilla.htm
  188. 153. http://blackdragon.jungsonnstudios.com/
  189. 154. http://ha.ckers.org/mr-t/
  190. 155. http://www.0x000000.com/?i=324
  191. 156. http://www.macromedia.com/software/flash/about/
  192. 157. http://java.com/en/download/installed.jsp?detect=jre&try=1
  193. 158. http://userscripts.org/scripts/show/30285
  194.  
  195. Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources
  196.  
  197. 159. http://en.wikipedia.org/wiki/APIDS
  198. 160. http://php-ids.org/
  199. 161. http://code.google.com/p/phpids/
  200. 162. http://code.google.com/p/dotnetids/
  201. 163. http://www.securescience.com/home/newsandevents/news/interscout1.0.html
  202. 164. http://remo.netnea.com/
  203. 165. http://www.gotroot.com/tiki-index.php?page=mod_security+rules
  204. 166. http://wsgw.sourceforge.net/
  205. 167. http://noeljackson.com/tools/modsecurity/
  206. 168. http://www.wisec.it/projects.php?id=3
  207. 169. http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
  208. 170. http://www.aqtronix.com/?PageID=99
  209. 171. http://akismet.com/
  210. 172. http://research.microsoft.com/projects/samoa/
  211.  
  212. Web services enumeration / scanning / fuzzing
  213.  
  214. 173. http://www.codeplex.com/WebserviceStudio
  215. 174. http://net-square.com/wschess/index.shtml
  216. 175. http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
  217. 176. http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
  218. 177. http://www.isecpartners.com/tools.html
  219.  
  220. Threat modeling
  221.  
  222. 178. http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
  223. 179. http://www.amenaza.com/software.php
  224. 180. http://www.octotrike.org/
  225.  
  226. Add-ons for Firefox that help with general web application security
  227.  
  228. 181. https://addons.mozilla.org/firefox/60/
  229. 182. https://addons.mozilla.org/firefox/3002/
  230. 183. https://addons.mozilla.org/firefox/2897/
  231. 184. https://addons.mozilla.org/firefox/3911/
  232. 185. http://beaufour.dk/index.php?sec=misc&pagename=xforms
  233. 186. http://www.mrtech.com/extensions/local_install/
  234. 187. http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html
  235. 188. https://addons.mozilla.org/firefox/1419/
  236. 189. https://addons.mozilla.org/firefox/59/
  237. 190. https://addons.mozilla.org/firefox/2409/
  238. 191. https://addons.mozilla.org/firefox/575/
  239. 192. https://addons.mozilla.org/firefox/953/
  240. 193. https://addons.mozilla.org/firefox/667/
  241. 194. https://addons.mozilla.org/firefox/1999/
  242. 195. https://addons.mozilla.org/firefox/4014/
  243. 196. http://spiderzilla.mozdev.org/
  244. 197. https://addons.mozilla.org/en-US/firefox/addon/143
  245. 198. https://addons.mozilla.org/firefox/3208/
  246.  
  247. Add-ons for Firefox that help with Javascript and Ajax web application security
  248.  
  249. 199. http://www.openqa.org/selenium-ide/
  250. 200. http://www.joehewitt.com/software/firebug/
  251. 201. http://www.mozilla.org/projects/venkman/
  252. 202. http://groups.csail.mit.edu/uid/chickenfoot/
  253. 203. http://www.greasespot.net/
  254. 204. http://www.letitblog.com/greasemonkey-compiler/
  255. 205. http://arantius.com/misc/greasemonkey/script-compiler
  256. 206. http://ted.mielczarek.org/code/mozilla/extensiondev/
  257. 207. https://addons.mozilla.org/en-US/firefox/addon/3885/
  258.  
  259. Bookmarklets that aid in web application security
  260.  
  261. 208. http://ha.ckers.org/bookmarklets.html
  262. 209. http://optools.awardspace.com/bmlet.html
  263. 210. http://www.squarefree.com/bookmarklets/
  264. 211. http://www.blummy.com/
  265. 212. http://www.micropersuasion.com/2005/10/bookmarklets_ev.html
  266. 213. http://n01se.net/chouser/proj/mozhack/
  267. 214. http://www.chuonthis.com/extensions/
  268.  
  269. SSL certificate checking / scanning
  270.  
  271. 215. http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
  272. 216. https://addons.mozilla.org/firefox/1964/
  273.  
  274. Honeyclients, Web Application, and Web Proxy honeypots
  275.  
  276. 217. http://www.honeyclient.org/trac/
  277. 218. http://honeyc.sourceforge.net/
  278. 219. http://capture-hpc.sourceforge.net/
  279. 220. http://ghh.sourceforge.net/
  280. 221. http://www.rstack.org/phphop/
  281. 222. http://www.monkey.org/~provos/spybye/
  282. 223. http://www.securityfocus.com/infocus/1713
  283.  
  284. Footprinting for web application security
  285.  
  286. 224. http://www.paterva.com/evolution-e.html
  287. 225. http://www.mcgrewsecurity.com/projects/goosweep/
  288. 226. http://www.sensepost.com/research/aura/
  289. 227. http://www.edge-security.com/soft.php
  290. 228. http://ha.ckers.org/fierce/
  291. 229. http://www.nothink.org/perl/googlegath/
  292. 230. https://addons.mozilla.org/firefox/2144/
  293. 231. https://addons.mozilla.org/firefox/977/
  294. 232. https://addons.mozilla.org/en-US/firefox/addon/1453/
  295. 233. http://roachfiend.com/archives/2005/02/07/bugmenot/
  296. 234. https://addons.mozilla.org/en-US/firefox/addon/1813/
  297. 235. https://addons.mozilla.org/en-US/firefox/addon/2819/
  298. 236. https://addons.mozilla.org/en-US/firefox/addon/1467/
  299.  
  300. Database security assessment
  301.  
  302. 237. http://www.imperva.com/scuba/
  303.  
  304. Browser Defenses
  305.  
  306. 238. http://www.diehard-software.org/
  307. 239. http://databasement.net/labs/localrodeo/
  308. 240. http://www.seclab.tuwien.ac.at/projects/jstaint/
  309. 241. http://savannah.nongnu.org/projects/requestrodeo
  310. 242. http://flashblock.mozdev.org/
  311. 243. https://addons.mozilla.org/en-US/firefox/addon/2497
  312. 244. http://www.noscript.net/
  313. 245. https://addons.mozilla.org/en-US/firefox/addon/1579/
  314. 246. http://adblock.mozdev.org/
  315. 247. http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html
  316. 248. http://www.safecache.com/
  317. 249. http://www.safehistory.com/
  318. 250. http://prefbar.mozdev.org/
  319. 251. https://addons.mozilla.org/en-US/firefox/addon/1027/
  320. 252. https://addons.mozilla.org/firefox/4115/
  321. 253. https://addons.mozilla.org/en-US/firefox/addon/2098/
  322. 254. http://firekeeper.mozdev.org/
  323. 255. http://yehg.net/lab/#tools.greasemonkey
  324.  
  325. Browser Privacy
  326.  
  327. 256. https://addons.mozilla.org/firefox/3173/
  328. 257. http://www.privacybird.com/
  329.  
  330. Application and protocol fuzzing (random instead of targeted)
  331.  
  332. 258. http://fuzzing.org/
  333. 259. http://sourceforge.net/projects/taof/
  334. 260. http://sam.zoy.org/zzuf/
  335. 261. http://autodafe.sourceforge.net/
  336. 262. http://www.appliedsec.com/resources.html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!