From Collaborative RCE Tool Library

Jump to: navigation, search

Web Application Tools


Tool name: Burp Suite
Rating: 5.0 (2 votes)
Author: PortSwigger                        
Website: http://www.portswigger.net/suite/
Current version: 1.1
Last updated:
Direct D/L link: http://portswigger.net/suite/download.html
License type: Free / Open Source
Description: Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to Burp Suite include:

* Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser.
* One-click transfer of interesting requests between tools, e.g. from the Burp Proxy request history, or the Burp Spider results tree.
* Detailed analysis and rendering of requests and responses.
* Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of Burp Suite. Data processed by one tool can be used in arbitrary ways to affect the behaviour and results of other tools.
* Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
* Tools can run in a single tabbed window, or be detached in individual windows.
* All tool and suite configuration is optionally persistent across program loads.
* Runs in both Linux and Windows.

New features in version 1.1 include:

* Improved analysis of HTTP requests and responses wherever they appear, with browser-quality HTML and media rendering.
* Burp Sequencer, a new tool for analysing session token randomness.
* Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.
* Burp Comparer, a new utility for performing a visual diff of any two data items.
* Support for custom client and server SSL certificates.
* Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.
* Improved interception and match-and-replace rules in Burp Proxy.
* A "lean mode", for users who prefer less functionality and a smaller resource footprint.

Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com.
Also listed in: HTTP Proxy Tools, SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Firebug
Rating: 5.0 (1 vote)
Author: Joe Hewitt                        
Website: http://getfirebug.com
Current version: 1.11.2
Last updated: February 23, 2013
Direct D/L link: http://addons.mozilla.org/firefox/downloads/latest/1843
License type: BSD / Open Source (JavaScript)
Description: Firebug integrates with Firefox, to put a wealth of web development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

Probably the most advanced web/javascript debugger in existence.
Also listed in: Firefox Extensions, Javascript Debuggers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: JHijack
Rating: 5.0 (1 vote)
Author: Aung Khant                        
Website: http://yehg.net
Current version: v.02 beta
Last updated: June 13, 2009
Direct D/L link: http://yehg.net/lab/pr0js/files.php/jhijackv0.2beta.zip
License type: GPL
Description: A simple Java Fuzzer mainly used for numeric session hijacking and parameter enumeration.
Requirement: JRE/JDK 1.4 or above
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Joomla! Security Scanner
Rating: 5.0 (1 vote)
Author: Aung Khant                        
Website: http://yehg.net
Current version: 0.3
Last updated: May 13, 2009
Direct D/L link: http://yehg.net/lab/pr0js/files.php/joomscan.pl
License type: GPL
Description: A regularly-updated scanner that can detect file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site.
Requirements: Perl
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: NiktoFE
Rating: 5.0 (1 vote)
Author: Aung Khant                        
Website: http://yehg.net
Current version: 0.1
Last updated: June 13, 2008
Direct D/L link: http://yehg.net/lab/pr0js/files.php/NiktoFEv01.zip
License type: Freeware
Description: Nikto FrontEnd (Nikto UI) is what we just wrap GUI to the all-time famous nikto.pl by Sullo (CIRT Inc).It usually takes several minutes(even hours) for a complete scan. When it's done, firefox will open and show the result.
Requirements: Perl, JRE 1.5 >=
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: WFuzzFE
Rating: 5.0 (1 vote)
Author: Aung Khant                        
Website: http://yehg.net
Current version: 0.1
Last updated: June 13, 2009
Direct D/L link: http://yehg.net/lab/pr0js/files.php/WFuzzFEv01.zip
License type: Freeware
Description: WFuzz FrontEnd (WFuzz UI) is what we just wrap GUI to the all-time famous wfuzz.py by Carlos del ojo & Christian Martorella (Edge-security.com). WFuzz is known as a Web Brute Forcer. It's a tool that got its fame thanks to its multithreading and flexibility to show only desired results based on HTTP Response Code, No. of Lines/Words. When fuzzing is done, firefox will open and show the result.
Requirements: Python, JRE 1.5 >=
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Fiddler
Rating: 0.0 (0 votes)
Author: Eric Lawrence                        
Website: http://www.telerik.com/fiddler
Current version: 2.4.5.9
Last updated: January 2, 2014
Direct D/L link: Locally archived copy
License type: Free
Description: Very powerful "web debugger" / intercept proxy, to capture and edit web requests on the fly, with lots of automation and scripting options.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Paros Proxy
Rating: 0.0 (0 votes)
Author: Chinotec Technologies Company                        
Website: http://www.parosproxy.org
Current version: 3.2.13
Last updated: August 8, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.
Also listed in: HTTP Proxy Tools, SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views