SPIKE Proxy – Application Level Security Assessment


SPIKE Proxy is part of the SPIKE Application Testing Suite, It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

  • Automated SQL Injection Detection
  • Web Site Crawling (guaranteed not to crawl sites other than the one being tested)
  • Login form brute forcing
  • Automated overflow detection
  • Automated directory traversal detection

Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting, but it’s completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.

Note: that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution.

SPIKE is a fairly mature tool having been around since about 2003, we at Darknet use Spike Proxy along with the Burp Suite for web application security analysis.

You can download SPIKE here:

Download for Linux | Download for Windows

Limited information can be found here:

Immunity Free Software

Posted in: Hacking Tools, Networking Hacking Tools, Web Hacking

, , , , , , ,


Latest Posts:


tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.


Comments are closed.