HconSTF is an Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessment. It contains webtools which are capable of carrying out XSS attacks, SQL Injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It could prove useful to anybody interested in the information security domain – students, security professionals, web developers and so on.
Features
- Categorized and comprehensive toolset
- Contains hundreds of tools and features and script for different tasks like SQLi, XSS, Dorks, OSINT to name a few
- HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
- Each and every option is configured for penetration testing and Vulnerability assessments
- Specially configured and enhanced for gaining easy & solid anonymity
- Works for web app testing assessments specially for OWASP top 10
- Easy to use & collaborative Operating System like interface
- Multi-Language support (feature in heavy development translators needed)
You can download HconSTF 0.4 beta here:
HconSTF_v0.4_Freedom_portable.exe
Or read more here.
IT Security says
I use the aqua base version of this for testing client gateways and firewalls. My only wish would be to make this a PCI compliant scanning vendor so I can issue some of my clients the appropriate certificates form it.
NNM says
Tested..
Looks more like a customized, skinned and overrated firefox , with some plugins…
Disappointed there! Expected more than a bloated browser.