Websecurify 0.6 - powerful web application security testing
Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
http://code.google.com/p/websecurify/
w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
http://w3af.sourceforge.net/
OpenSCAP – Framework For Implementing SCAP (Security Content Automation Protocol)
The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.
http://www.open-scap.org/page/Main_Page
Onapsis Bizploit – ERP Penetration Testing Framework
Bizploit is the first open-source ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.
http://www.onapsis.com/research.html#bizploit
Samurai Web Testing Framework v0.8 Released – Pen Testing Security LiveCD
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.
http://samurai.inguardians.com/
Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool
Knock is a Python script designed to enumerate sub-domains on a target domain through a wordlist.
http://knock.gianniamato.it/download.php
sectool – Security Audit Tool and IDS
sectool is a security tool that can be used both for security audits and as part of an intrusion detection system. It consists of a set of tests, a library and a textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.
https://fedorahosted.org/sectool/
For Ubuntu (Lucid) users, you can get w3af 1.0-rc2 from the Ubuntu Universe repositories. Just type:
sudo apt-get install w3af