24 March 2008 | 14,628 views

SecurityCompass Exploit-Me – Firefox Web Application Testing Tools

Check For Vulnerabilities with Acunetix

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection.

The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download [PDF].

Currently in their beta release stage, these open source (GPL v3) FireFox plug-ins search through web applications for vulnerable visible and hidden form fields to perform input validation attacks.

XSS-Me

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.

If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string.

The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

SQL Inject-Me

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

The tool work by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.

The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can get XSS-Me and SQL Inject-Me here:

Download XSS-Me Now!
Download SQL Inject-Me Now!

Or read more here.



Recent in Hacking Tools:
- BurpSentintel – Vulnerability Scanning Plugin For Burp Proxy
- Garmr – Automate Web Application Security Tests
- ParanoiDF – PDF Analysis & Password Cracking Tool

Related Posts:
- Security Compass Web Application Analysis Tool – SWAAT
- FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions
- FireCAT – Firefox Catalog of Auditing Tools

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,863,908 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,052,741 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 622,522 views

Low-cost VPS Hosting

One Response to “SecurityCompass Exploit-Me – Firefox Web Application Testing Tools”

  1. James C 27 March 2008 at 7:46 pm Permalink

    Found these to be of limited use.
    I’d give these “tools” a 4 out of 10.