Free Web Security Scanning Tools

you do Web application security assessments, this page is for you. We’ve gathered all of the tools and techniques discussed in Hacking Exposed: Web Applications (that we use every day as consultants) and cataloged them here. This is an abbreviated recitation of Appendix B in the book, with live hyperlinks for easy access. Keep your eyes on this space as we post custom scripts and tools from the authors!

Free Web Security Scanning Tools
Nikto
N-Stalker NStealth Free Edition
Burp Suite
Paros Proxy
OWASP Webscarab


SQL Injection
SQL Power Injector by Francois Larouche
Bobcat (based on “Data Thief” by Application Security, Inc.).
Absinthe – free blind SQL injection tool
SQLInjector by David Litchfield
NGS Software database tools


Cross-Site Scripting (XSS)
RSnake’s XSS Cheat Sheet
XSS-Proxy


IE Extensions for HTTP Analysis
TamperIE
IEWatch
IE Headers
IE Developer Toolbar
IE 5 Powertoys for WebDevs


Firefox Extensions for HTTP Analysis
LiveHTTP Headers
Tamper Data
Modify Headers


HTTP/S Proxy Tools
Paros Proxy
WebScarab
Fiddler HTTP Debugging Proxy
Burp Intruder
WatchFire PowerTools


Command-line HTTP/S Tools
cURL
Netcat
Sslproxy
Openssl
Stunnel


Sample Applications
Bayden Systems’ “sandbox” online shopping application
Foundstone Hacme Bank and Hacme Books


Web Site Crawling/Mirroring Tools
Lynx
Wget
Teleport Pro
Black Widow
Offline Explorer Pro


Profiling
HTTPrint for fingerprinting web servers
Jad, the Java Dissasembler
Google search using “+www.victim.+com”
Google search using 뱎arent directory? robots.txt


Web Platform Attacks and Countermeasures
Microsoft IIS Security Bulletins and Advisories
Apache Security Bulletins
Metasploit Framework
Microsoft URLScan
Apache ModSecurity


Commercial Web App Vulnerability Scanners
Acunetix Enterprise Web Vulnerability Scanner
Cenzic Hailstorm
Ecyware GreenBlue Inspector
Syhunt Sandcat Suite
SPI Dynamics WebInspect
Watchfire AppScan
NTObjectives NTOSpider
Compuware DevPartner SecurityChecker
WhiteHat Security


Web Authentication Attack Tools
Brutus AET2
Hydra
WebCracker
NTLM Authentication Proxy Server (APS)


XML Web Services (SOAP)
WebService Studio
WSDigger
SoapClient.com
XML eXternal Entity (XXE) Attack
XPath Injection
Blind XPath Injection” by Amit Klein


출처 : Tong – jackie92님의 ◐ Security Tools통

Related posts:

  1. Windows 2000 Security Checklist Basic Security Considerations Provide Physical Security for the machineMost security...
  2. AQTRONIX WebKnight IIS Filter – Application Firewall for Web Servers AQTRONIX WebKnight IIS Filter AQTRONIX WebKnight is an application firewall...
  3. MegaBBS – A free, fully featured message board! MegaBBS Unix systems have had great choices in message forum...
  4. Link Utility – 웹사이트 링크 체커 Link Utility는 웹사이트의 링크를 체크해 주는 도구이다.   Link Utility...