Views: 13,239 LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html form tags , which often refer to dynamic pages that might be subject to SQL injection or other flaws. It works as an ordinary spider and analyses pages, following hyperlinks, injecting special characters that […]
web-hacking-tools
LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)
Views: 10,974 There are some existing tools that deal with LFI vulnerabilities such as fimap the Remote & Local File Inclusion (RFI/LFI) Scanner and inspathx a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI). A new simple tool was released recently which focuses purely on LFI attacks. Functions Automatically […]
Arachni – Web Application Vulnerability Scanning Framework
Views: 13,237 Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect […]
x5s – Automated XSS Security Testing Assistant
Views: 7,781 [ad] x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by: Detecting where safe encodings were not applied to emitted user-inputs Detecting where Unicode character transformations might bypass security filters Detecting where […]
Web Security Dojo – Training Environment For Web Application Security
Views: 12,987 [ad] Web Security Dojo is a free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10. Why? The Web Security Dojo is for learning and practicing web […]