Oedipus – Open Source Web Application Security Analysis

Find your website's Achilles' Heel


Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.

Oedipus can be broken down into 4 main components:

1. Analyzer

Capable of parsing several different types of log files, such as Burp, Paros, etc, identifying potential security vulnerabilities using pattern matching – An Oedipus input file is also produced.

2. Scanner

Parsers the Oedipus or IEnterceptor file, feeding each request to a dynamically loaded predefined security plug-in on the fly.

3. Reporter

Using the results from the Analyzer and the Scanner, Oedipus produces several well formatted reports designed for the Penetration Tester. The Scanner report can be interactively used to verify the results of the potential vulnerabilities discovered.

4. Tools

Using the above identified security vulnerabilities, a number of tools are provided to analyze and potentially exploit the vulnerability.

You can read more at:

Oedipus or Download Oedipus Now

Digg This Article


Posted in: Hacking Tools, Web Hacking

, , , , , , ,

Recent in Hacking Tools:
- OWASP OWTF – Offensive Web Testing Framework
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,992,306 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,478,141 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 687,142 views

Get protected with Sucuri


Trackbacks/Pingbacks

  1. Jet Grrl » links for 2006-06-14 - June 14, 2006

    […] Oedipus – Open Source Web Application Security Analysis » (tags: Security Tech HowTo) […]

  2. Yi-Feng Tzeng’s » Archive » SQL Power Injector - June 16, 2006

    […] I heard it from darknet. […]