Web Application Security Testing Tools

Port Scanners

  • Nmap – general port scanner

 Vulnerability Scanners

  • Nikto and Wikto – web server vulnerability checkers
  • Nessus – general purpose vulnerability checker
  • WebInspect – web application vulnerability scanner
  • Absinthe – SQL injection testing tool

Information Gathering Tools

  • SpiderFoot – footprinting tool
  • wget – site duplication tool
  • Offline Explorer – site duplication tool
  • WinHTTrack – site mirroring tool

Web Proxy Tools

  • Paros – local proxy and data manipulation tool
  • Spike proxy – proxy and data manipulation tool
  • Fiddler – proxy and data manipulation tool
  • Web View / Syntax View / Timeline – Fiddler extension
  • Burp Suite – proxy and data manipulation tool
  • POSTHook – IE plugin to manipulate POST data
  • TamperIE – IE plugin to manipulate GET and POST data
  • Webproxy – proxy and data manipulation tool
  • Webscarab – proxy and data manipulation tool

Browser Tools

  • IE, Chrome, Firefox, Opera – browsers
  • Mozilla Web Developer Toolbar – browser tool
  • IE Developer Toolbar – browser tool
  • Mozilla IE Tab Plugin – browser tool
  • Firefox Tools (extensions):
      • HackBar – encoders/decoders
      • Web Developer Toolbar – modify objects in web pages
      • Tamper Data – manipulate HTTP data and headers
      • Firebug – modify HTML, JavaScript, and CSS in the browser
      • Greasemonkey – add user-defined JavaScript to a web page
      • Switch Proxy – allows easy switching of web proxies
      • FoxyProxy – regex-based smart proxy selector
      • Edit Cookies – cookie editor
      • XSS-Me – cross-site scripting testing tool
      • SQL Inject Me – SQL injection testing tool
      • CookieSwap – cookie editor
      • RoboForm – caches form data for testing

Cookies / Session Manipulation Tools

  • Cookie Pal – Cookie capture and viewing tool
  • CookieSpy – Cookie manipulation plugin for IE
  • IESpy – Cookie manipulation plugin for IE

HTTP Request Generation Tools

  • netcat – raw packet generation tool
  • wfetch – raw HTTP request generation tool

SSL Proxy Tools

  • openssl – SSL programming toolkit
  • stunnel – SSL proxy tool

Password Guessing Tools

  • Brutus – multi-purpose password brute forcer
  • Webcracker – HTTP authentication brute forcer
  • Hydra – brute-force password guessing tool for HTTP, FTP, etc.

Decompilers

  • JAD/Jode – Java decompiler
  • Reflector – .NET decompiler
  • Reflexil – Add-in for Reflector used to modify decompiled .NET code
  • FileDisassembler – Add-in for Reflector to export .NET code to Visual Studio

Miscellaneous

  • fpipe – traffic redirector
  • lynx – text browser
  • curl – web client tool
  • Dave Proxy – proxy tool used for thick client applications
  • Dave – WebDAV tool
  • Cadaver – WebDAV tool
  • SSLDigger – SSL cipher strength checker
  • THCSSLCheck – SSL cipher strength checker
  • Perl, Python – coding tools for custom scripts
  • Twill – scripting language for web browsing

Virgin Money London Marathon 2015

I will be running the 2015 Virgin Money London Marathon on 26th April 2015 for the British Lung Foundation, who are currently funding research on the prevention of lung damage in COPD and many other areas related to lung disease. You can read more about the BLF’s research here.

My fundraising target this year is £1,750.00 and any donations, big or small, would be greatly appreciated. My fundraising page can be found here.

If you leave your name on the donation list, I’ll be sure to contact you to say thanks 🙂