Search Results for "web based"

This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover...

Sn1per Professional is an all-in-one offensive security platform that provides a comprehensive view of your internal and external attack surface and offers an asset risk scoring system to prioritize, reduce, and manage risk. With Sn1per Professional, you can discover the attack surface and continuously monitor it for changes. It integrates with the leading open source and commercial security testing tools for a unified view of your data.

github: https://github.com/samedog/phpmvs

PAVS scans the PHP based web application source code and identifies the potential security problems in that application. PAVS also identifies the loop holes in PHP configuration file settings. Attacks addressed by PAVS are Cross-site Scripting SQL Injection File Manipulation File Inclusion Command Execution Code Evaluation

OpenVAS is an open source remote security vulnerability scanner, designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.

A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. Visit WAVSEP homepage to learn more: https://code.google.com/p/wavsep/ The project includes the following test cases: Path Traversal/LFI: 816 test cases (GET & POST) Remote File Inclusion (XSS via RFI): 108 test cases (GET & POST) Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST) Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST) Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST) Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST)

BlackBSD Is a NetBSD based LiveCD, with security tools on it, and fluxbox as a window manager. Beta Version 1.0 coming on soon. Packages on it. Nmap - port scanner http://nmap.org/ Nessus - Vulnerability detector http://www.tenable.com/products/nessus Air-Crack - Wireless Cracker http://www.aircrack-ng.org/ Ettercap - port sniffer http://ettercap.github.com/ettercap/ Iptraf - Network Monitor http://iptraf.seul.org/ Medusa - Login brute-forcer http://www.foofus.net/~jmk/medusa/medusa.html Snort - Intrucion Detection http://www.snort.org/ W3af - Web Application Attack http://w3af.org/ NetCat - networking utility http://netcat.sourceforge.net/ THC-Hydra - network logon cracker http://thc.org/thc-hydra/ Wapiti - Web application vulnerability scanner http://wapiti.sourceforge.net/ Rapid7 - http://www.rapid7.com/

A web application penetration testing tool that can extract data from SQL Server, MySQL, DB2, Oracle, Sybase, Informix, and Postgres. Further, it can crawl a website as a vulnerability scanner looking for sql injection vulnerabilities.

Reaver is a network vulnerability scanner built on top of Nessus with an easy to use "web front-end" and reporting system. Reaver will aid administrators in identifying, cataloguing and remediation of security vulnerability...DEV -missing web interface

nessquik is a fast web frontend for the Nessus Vulnerability Scanner. It uses modern javascript technologies to deliver a responsive, easy to use interface that lets people quickly schedule scans using Nessus.

grIDS is a management system for Security Engineers. grIDS integrates snort as the IDS, nessus as the vulnerability scanner, a port reference, a host information database, and canned reports into a web-based management system.

Scavenger: A Real-Time Vulnerability Scanner and Management Application

Cake Fuzzer is an open-source project meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives. Currently, it is implemented to support the Cake PHP framework. Cake Fuzzer is based on the concept of Interactive Application Security Testing (IAST). The goals of the project are: - create an automated process of discovering vulnerabilities in applications based on the CakePHP Framework; - no application knowledge requirement or pre-configuration of the web application; - result with minimal or close to 0 amount of false positives; - require minimal security knowledge to run the scanner.

CVE-Alert helps organizations and individuals track Common Vulnerabilities and Exposures (CVEs) in real-time. Get notified about security issues affecting your vendors and products. Key capabilities: - Real-time CVE tracking - Automatically sync with CVE.org's CVE List (cvelistV5) to stay current with published security vulnerabilities - Custom subscriptions - Subscribe to specific vendors, products, or severity levels to receive alerts only for what matters to your organization -...

SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.