hsecscan – HTTP Headers Scan
A security scanner for HTTP response headers. Installation Usage Example Copyright (C) 2015 riramar Source: https://github.com/riramar/
Tagged: webapp pentest
IronWASP: Web Application penetration testing tools
IronWASP — excellent web application advanced security testing platform. It is an open source for testing Web application vulnerabilities. This tool is very simple to use, but if you have python or ruby programming...
[Collection] Some good Vulnerable Web application Lab for PenTester
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by...
pyfiscan: Free web-application vulnerability and version scanner
Pyfiscan is free web-application vulnerability and version scanner and can be used to locate out-dated versions of common web-applications in Linux-servers. Example use case is hosting-providers keeping eye on their users’ installations to keep...
BruteXSS v1.5 – Cross-site Scripting Tool
BruteXSS is a tool written in python simply to find XSS vulnerabilities in the web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI...
wafpass: Analysing parameters with all payloads’ bypass methods
WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However,...
File upload XSS – Vulnerabilities
A file upload point is an excellent opportunity to execute XSS applications. Many sites have user rights to upload personal data pictures of the upload point, you have a lot of opportunities to find...
WATOBO – THE WEB APPLICATION TOOLBOX
WATABO is a security tool for testing web applications. It is intended to enable security professionals to perform efficient (semi-automated) web application security audits. Most important features: WATOBO has Session Management capabilities! You can...
WebApp Penetration Testing: Local File Inclusion (LFI)
What is a local file inclusion (LFI) vulnerability? LFI allows an attacker to include a file on a server through a browser. When a Web application does not properly filter the input data, there...
Bypass Cross-site scripting (XSS) filtering using HEX Encoding
Cross-site scripting (XSS) is a common vulnerability in Web vulnerability analysis. In many cases, it was easy to enter without filtering easily, but most of the services analyzed had strong filtering. However, there are...
