MultiInjector claims to the first configurable automatic website defacement software, I’m not sure if that’s a good thing - or a bad thing.
But well here it is anyway.
Features
Receives a list of URLs as input
Recognizes the parameterized URLs from the list
Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
Automatic defacement - [...]
A tool which allows one to hijack HTTP connections to steal cookies - even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.
Features:
Does Wireless injection when the NIC is in monitor mode
Supports Ethernet
Support for WEP (when the NIC is in monitor mode)
Known issues:
Sometimes the victim is not redirected correctly (particularly seen when [...]
A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for [...]
One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release - not a minor upgrade.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate [...]
As you all seem to pretty interested in Inguma, there’s something else similar called w3af - the fifth BETA was released a while back and the team are now working on the sixth.
w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application [...]
SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetrating tester to inject SQL commands on a web page.
For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).
Moreover this application will get [...]
The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers.
This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application.
CCWAPSS is focused on rating the security level [...]
Flare processes an SWF and extracts all scripts from it. The output is written to a single text file. Only ActionScript is extracted, no text or images. Flare is freeware. Windows, Mac OS X and Linux versions are available.
The main purpose of decompiler is to help you recover your own lost source code. However, there [...]
A while back Microsoft UK got hacked by some Saudi Hackers, Microsoft is always one of the top targets for renegades and ‘cyber-terrorists’ as the high profile nature of the company can give some publicity to their causes.
This was less than a month after Technet got owned.
I don’t think they are ever going to lay [...]
A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features:
Audit
SQL injection detection
XSS detection
SSI detection
Local file include detection
Remote file include detection
Buffer Overflow [...]
