本文共 23618 字,大约阅读时间需要 78 分钟。
很多,非常多。
Test sites / testing grounds
SPI Dynamics (live) – http://zero.webappsecurity.com/
Cenzic (live) – http://crackme.cenzic.com/Watchfire (live) – http://demo.testfire.net/Acunetix (live) – http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.comWebMaven / Buggy Bank – http://www.mavensecurity.com/webmavenFoundstone SASS tools – http://www.foundstone.com/us/resources-free-tools.aspUpdated HackmeBank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.htmlOWASP WebGoat – http://www.owasp.org/index.php/OWASP_WebGoat_ProjectOWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGeneratorStanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/HTTP proxying / editing
WebScarab – http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp – http://www.portswigger.net/Paros – http://www.parosproxy.org/Fiddler – http://www.fiddlertool.com/Web Proxy Editor – http://www.microsoft.com/mspress/companion/0-7356-2187-X/Pantera – http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_ProjectSuru – http://www.sensepost.com/research/suru/httpedit (curses-based) – http://www.neutralbit.com/en/rd/httpedit/Charles – http://www.xk72.com/charles/Odysseus – http://www.bindshell.net/tools/odysseusBurp, Paros, and WebScarab for Mac OS X – http://www.corsaire.com/downloads/Web-application scanning tool from `Network Security Tools’/O’Reilly – http://examples.oreilly.com/networkst/JS Commander – http://jscmd.rubyforge.org/Ratproxy – http://code.google.com/p/ratproxy/RSnake’s XSS cheat sheet based-tools, webapp fuzzing, and encoding tools
Wfuzz – http://www.edge-security.com/wfuzz.php
ProxMon – http://www.isecpartners.com/proxmon.htmlWapiti – http://wapiti.sourceforge.net/Grabber – http://rgaucher.info/beta/grabber/XSSScan – http://darkcode.ath.cx/scanners/XSSscan.pyCAL9000 – http://www.owasp.org/index.php/Category:OWASP_CAL9000_ProjectHTMangLe – http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htmJBroFuzz – http://sourceforge.net/projects/jbrofuzzXSSFuzz – http://ha.ckers.org/blog/20060921/xssfuzz-released/WhiteAcid’s XSS Assistant – http://www.whiteacid.org/greasemonkey/Overlong UTF – http://www.microsoft.com/mspress/companion/0-7356-2187-X/[TGZ] MielieTool (SensePost Research) – http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgzRegFuzzer: test your regular expression filter – http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filterscreamingCobra – http://www.dachb0den.com/projects/screamingcobra.htmlSPIKE and SPIKE Proxy – http://immunitysec.com/resources-freesoftware.shtmlRFuzz – http://rfuzz.rubyforge.org/WebFuzz – http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999TestMaker – http://www.pushtotest.com/Docs/downloads/features.htmlASP Auditor – http://michaeldaw.org/projects/asp-auditor-v2/WSTool – http://wstool.sourceforge.net/Web Hack Control Center (WHCC) – http://ussysadmin.com/whcc/Web Text Converter – http://www.microsoft.com/mspress/companion/0-7356-2187-X/HackBar (Firefox Add-on) – https://addons.mozilla.org/firefox/3899/Net-Force Tools (NF-Tools, Firefox Add-on) – http://www.net-force.nl/library/downloads/PostIntercepter (Greasemonkey script) – http://userscripts.org/scripts/show/743HTTP general testing / fingerprinting
Wbox: HTTP testing tool – http://hping.org/wbox/
ht://Check – http://htcheck.sourceforge.net/Mumsie – http://www.lurhq.com/tools/mumsie.htmlWebInject – http://www.webinject.org/Torture.pl Home Page – http://stein.cshl.org/~lstein/torture/JoeDog’s Seige – http://www.joedog.org/JoeDog/Siege/OPEN-LABS: metoscan (http method testing) – http://www.open-labs.org/Load-balancing detector – http://ge.mine.nu/lbd.htmlHMAP – http://ujeni.murkyroc.com/hmap/Net-Square: httprint – http://net-square.com/httprint/Wpoison: http stress testing – http://wpoison.sourceforge.net/Net-square: MSNPawn – http://net-square.com/msnpawn/index.shtmlhcraft: HTTP Vuln Request Crafter – http://druid.caughq.org/projects/hcraft/rfp.labs: LibWhisker – http://www.wiretrip.net/rfp/lw.aspNikto – http://www.cirt.net/code/nikto.shtmltwill – http://twill.idyll.org/DirBuster – http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project[ZIP] DFF Scanner – http://security-net.biz/files/dff/DFF.zip[ZIP] The Elza project – http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.htmlHackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled – http://sf.net/projects/hackfoxBrowser-based HTTP tampering / editing / replaying
TamperIE – http://www.bayden.com/Other/
isr-form – http://www.infobyte.com.ar/developments.htmlModify Headers (Firefox Add-on) – http://modifyheaders.mozdev.org/Tamper Data (Firefox Add-on) – http://tamperdata.mozdev.org/UrlParams (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1290/TestGen4Web (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1385/DOM Inspector / Inspect This (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/LiveHTTPHeaders / Header Monitor (Firefox Add-on) – http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/Cookie editing / poisoning
[TGZ] stompy: session id tool – http://lcamtuf.coredump.cx/stompy.tgz
Add’N Edit Cookies (AnEC, Firefox Add-on) – http://addneditcookies.mozdev.org/CookieCuller (Firefox Add-on) – http://cookieculler.mozdev.org/CookiePie (Firefox Add-on) – http://www.nektra.com/oss/firefox/extensions/cookiepie/CookieSpy – http://www.codeproject.com/shell/cookiespy.aspCookies Explorer – http://www.dutchduck.com/Features/Cookies.aspxAjax and XHR scanning
Sahi – http://sahi.co.in/
scRUBYt – http://scrubyt.org/jQuery – http://jquery.com/jquery-include – http://www.gnucitizen.org/projects/jquery-includeSprajax – http://www.denimgroup.com/sprajax.htmlWatir – http://wtr.rubyforge.org/Watij – http://watij.com/Watin – http://watin.sourceforge.net/RBNarcissus – http://idontsmoke.co.uk/2005/rbnarcissus/SpiderTest (Spider Fuzz plugin) – http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-pluginJavascript Inline Debugger (jasildbg) – http://jasildbg.googlepages.com/Firebug Lite – http://www.getfirebug.com/lite.htmlfirewaitr – http://code.google.com/p/firewatir/RSS extensions and caching
LiveLines (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/324/
rss-cache – http://www.dubfire.net/chris/projects/rss-cache/SQL injection scanning
0×90.org: home of Absinthe, Mezcal, etc – http://0×90.org/releases.php
SQLiX – http://www.owasp.org/index.php/Category:OWASP_SQLiX_Projectsqlninja: a SQL Server injection and takover tool – http://sqlninja.sourceforge.net/JustinClarke’s SQL Brute – http://www.justinclarke.com/archives/2006/03/sqlbrute.htmlBobCat – http://www.northern-monkee.co.uk/projects/bobcat/bobcat.htmlsqlmap – http://sqlmap.sourceforge.net/Scully: SQL Server DB Front-End and Brute-Forcer – http://www.sensepost.com/research/scully/FG-Injector – http://www.flowgate.net/?lang=en&seccion=herramientasPRIAMOS – http://www.priamos-project.com/Web application security malware, backdoors, and evil code
W3AF: Web Application Attack and Audit Framework – http://w3af.sourceforge.net/
Jikto – http://busin3ss.name/jikto-in-the-wild/XSS Shell – http://ferruh.mavituna.com/article/?1338XSS-Proxy – http://xss-proxy.sourceforge.netAttackAPI – http://www.gnucitizen.org/projects/attackapi/FFsniFF – http://azurit.elbiahosting.sk/ffsniff/HoneyBlog’s web-based junkyard – http://honeyblog.org/junkyard/web-based/BeEF – http://www.bindshell.net/tools/beef/Firefox Extension Scanner (FEX) – http://www.gnucitizen.org/projects/fex/What is my IP address? – http://reglos.de/myaddress/xRumer: blogspam automation tool – http://www.botmaster.net/movies/XFull.htmSpyJax – http://www.merchantos.com/makebeta/tools/spyjax/Greasecarnaval – http://www.gnucitizen.org/projects/greasecarnavalTechnika – http://www.gnucitizen.org/projects/technika/Load-AttackAPI bookmarklet – http://www.gnucitizen.org/projects/load-attackapi-bookmarkletMD’s Projects: JS port scanner, pinger, backdoors, etc – http://michaeldaw.org/my-projects/Web application services that aid in web application security assessment
Netcraft – http://www.netcraft.net
AboutURL – http://www.abouturl.com/The Scrutinizer – http://www.scrutinizethis.com/net.toolkit – http://clez.net/ServerSniff – http://www.serversniff.net/Online Microsoft script decoder – http://www.greymagic.com/security/tools/decoder/Webmaster-Toolkit – http://www.webmaster-toolkit.com/myIPNeighbbors, et al – http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_AddressPHP charset encoding – http://h4k.in/encodingdata: URL testcases – http://h4k.in/dataurlBrowser-based security fuzzing / checking
Zalewski’s MangleMe – http://lcamtuf.coredump.cx/mangleme/mangle.cgi
hdm’s tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan – http://metasploit.com/users/hdm/tools/Peach Fuzzer Framework – http://peachfuzz.sourceforge.net/TagBruteForcer – http://research.eeye.com/html/tools/RT20060801-3.htmlPROTOS Test-Suite: c05-http-reply – http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.htmlCOMRaider – http://labs.idefense.combcheck – http://bcheck.scanit.be/bcheck/Stop-Phishing: Projects page – http://www.indiana.edu/~phishing/?projectsLinkScanner – http://linkscanner.explabs.com/linkscanner/default.aspBrowserCheck – http://www.heise-security.co.uk/services/browsercheck/Cross-browser Exploit Tests – http://www.jungsonnstudios.com/cool.phpStealing information using DNS pinning demo – http://www.jumperz.net/index.php?i=2&a=1&b=7Javascript Website Login Checker – http://ha.ckers.org/weird/javascript-website-login-checker.htmlMozilla Activex – http://www.iol.ie/~locka/mozilla/mozilla.htmJungsonn’s Black Dragon Project – http://blackdragon.jungsonnstudios.com/Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) – http://ha.ckers.org/mr-t/Vulnerable Adobe Plugin Detection For UXSS PoC – http://www.0×000000.com/?i=324About Flash: is your flash up-to-date? – http://www.macromedia.com/software/flash/about/Test your installation of Java software – http://java.com/en/download/installed.jsp?detect=jre&try=1WebPageFingerprint – Light-weight Greasemonkey Fuzzer – http://userscripts.org/scripts/show/30285PHP static analysis and file inclusion scanning
PHP-SAT.org: Static analysis for PHP – http://www.program-transformation.org/PHP/
Unl0ck Research Team: tool for searching in google for include bugs – http://unl0ck.net/tools.phpFIS: File Inclusion Scanner – http://www.segfault.gr/index.php?cat_id=3&cont_id=25PHPSecAudit – http://developer.spikesource.com/projects/phpsecauditPHP Defensive Tools
PHPInfoSec – Check phpinfo configuration for security – http://phpsec.org/projects/phpsecinfo/
A Greasemonkey Replacement can be found at http://yehg.net/lab/#tools.greasemonkey
Php-Brute-Force-Attack Detector – Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zipPHP-Login-Info-Checker – Strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It has also built-in smoke test page via url loginfo_checker.php?testlichttp://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip
http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip
php-DDOS-Shield – A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/PHPMySpamFIGHTER – http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rarWeb Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources
APIDS on Wikipedia – http://en.wikipedia.org/wiki/APIDS
PHP Intrusion Detection System (PHP-IDS) – http://php-ids.org/ http://code.google.com/p/phpids/dotnetids – http://code.google.com/p/dotnetids/Secure Science InterScout – http://www.securescience.com/home/newsandevents/news/interscout1.0.htmlRemo: whitelist rule editor for mod_security – http://remo.netnea.com/GotRoot: ModSecuirty rules – http://www.gotroot.com/tiki-index.php?page=mod_security+rulesThe Web Security Gateway (WSGW) – http://wsgw.sourceforge.net/mod_security rules generator – http://noeljackson.com/tools/modsecurity/Mod_Anti_Tamper – http://www.wisec.it/projects.php?id=3[TGZ] Automatic Rules Generation for Mod_Security – http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgzAQTRONIX WebKnight – http://www.aqtronix.com/?PageID=99Akismet: blog spam defense – http://akismet.com/Samoa: Formal tools for securing web services – http://research.microsoft.com/projects/samoa/Web services enumeration / scanning / fuzzing
WebServiceStudio2.0 – http://www.codeplex.com/WebserviceStudio
Net-square: wsChess – http://net-square.com/wschess/index.shtmlWSFuzzer – http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_ProjectSIFT: web method search tool – http://www.sift.com.au/73/171/sift-web-method-search-tool.htmiSecPartners: WSMap, WSBang, etc – http://www.isecpartners.com/tools.htmlWeb application non-specific static source-code analysis
Pixy: a static analysis tool for detecting XSS vulnerabilities – http://www.seclab.tuwien.ac.at/projects/pixy/
Brixoft.Net: Source Edit – http://www.brixoft.net/prodinfo.asp?id=1Security compass web application auditing tools (SWAAT) – http://www.owasp.org/index.php/Category:OWASP_SWAAT_ProjectAn even more complete list here – http://www.cs.cmu.edu/~aldrich/courses/654/tools/A nice list that claims some demos available – http://www.cs.cmu.edu/~aldrich/courses/413/tools.htmlA smaller, but also good list – http://spinroot.com/static/Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/Static analysis for C/C++ (CGI, ISAPI, etc) in web applications
RATS – http://www.securesoftware.com/resources/download_rats.html
ITS4 – http://www.cigital.com/its4/FlawFinder – http://www.dwheeler.com/flawfinder/Splint – http://www.splint.org/Uno – http://spinroot.com/uno/BOON (Buffer Overrun detectiON) – http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.netValgrind – http://www.valgrind.org/Java static analysis, security frameworks, and web application security tools
LAPSE – http://suif.stanford.edu/~livshits/work/lapse/
HDIV Struts – http://hdiv.org/Orizon – http://sourceforge.net/projects/orizon/FindBugs: Find bugs in Java programs – http://findbugs.sourceforge.net/PMD – http://pmd.sourceforge.net/CUTE: A Concolic Unit Testing Engine for C and Java – http://osl.cs.uiuc.edu/~ksen/cute/EMMA – http://emma.sourceforge.net/JLint – http://jlint.sourceforge.net/Java PathFinder – http://javapathfinder.sourceforge.net/Fujaba: Move between UML and Java source code – http://wwwcs.uni-paderborn.de/cs/fujaba/Checkstyle – http://checkstyle.sourceforge.net/Cookie Revolver Security Framework – http://sourceforge.net/projects/cookie-revolvertinapoc – http://sourceforge.net/projects/tinapocjarsigner – http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.htmlSolex – http://solex.sourceforge.net/Java Explorer – http://metal.hurlant.com/jexplore/HTTPClient – http://www.innovation.ch/java/HTTPClient/another HttpClient – http://jakarta.apache.org/commons/httpclient/a list of code coverage and analysis tools for Java – http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.htmlMicrosoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET
* Visual Studio 2008 Code Analysis, available in:
o VSTS 2008 Development Edition (http://msdn.microsoft.com/vsts2008/products/bb933752.aspx) ando VSTS 2008 Team Suite (http://msdn.microsoft.com/vsts2008/products/bb933735.aspx)* Visual Studio 2005 Code Analyzer, available in:o Visual Studio 2005 Team Edition for Software Developers (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)o Visual Studio 2005 Team Suite (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)* Web Development Helper – http://www.nikhilk.net/Project.WebDevHelper.aspx* FxCop:o (blog) http://blogs.msdn.com/fxcop/o (download) http://code.msdn.microsoft.com/codeanalysis* Microsoft internal tools you can’t have yet:o http://www.microsoft.com/windows/cse/pa_projects.mspxo http://research.microsoft.com/Pex/o http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdfThreat modeling
Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) – http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
Amenaza: Attack Tree Modeling (SecurITree) – http://www.amenaza.com/software.phpOctotrike – http://www.octotrike.org/Add-ons for Firefox that help with general web application security
Web Developer Toolbar – https://addons.mozilla.org/firefox/60/
Plain Old Webserver (POW) – https://addons.mozilla.org/firefox/3002/XML Developer Toolbar – https://addons.mozilla.org/firefox/2897/Public Fox – https://addons.mozilla.org/firefox/3911/XForms Buddy – http://beaufour.dk/index.php?sec=misc&pagename=xformsMR Tech Local Install – http://www.mrtech.com/extensions/local_install/Nightly Tester Tools – http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.htmlIE Tab – https://addons.mozilla.org/firefox/1419/User-Agent Switcher – https://addons.mozilla.org/firefox/59/ServerSwitcher – https://addons.mozilla.org/firefox/2409/HeaderMonitor – https://addons.mozilla.org/firefox/575/RefControl – https://addons.mozilla.org/firefox/953/refspoof – https://addons.mozilla.org/firefox/667/No-Referrer – https://addons.mozilla.org/firefox/1999/LocationBar^2 – https://addons.mozilla.org/firefox/4014/SpiderZilla – http://spiderzilla.mozdev.org/Slogger – https://addons.mozilla.org/en-US/firefox/addon/143Fire Encrypter – https://addons.mozilla.org/firefox/3208/Add-ons for Firefox that help with Javascript and Ajax web application security
Selenium IDE – http://www.openqa.org/selenium-ide/
Firebug – http://www.joehewitt.com/software/firebug/Venkman – http://www.mozilla.org/projects/venkman/Chickenfoot – http://groups.csail.mit.edu/uid/chickenfoot/Greasemonkey – http://www.greasespot.net/Greasemonkey compiler – http://www.letitblog.com/greasemonkey-compiler/User script compiler – http://arantius.com/misc/greasemonkey/script-compilerExtension Developer’s Extension (Firefox Add-on) – http://ted.mielczarek.org/code/mozilla/extensiondev/Smart Middle Click (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/3885/Bookmarklets that aid in web application security
RSnake’s security bookmarklets – http://ha.ckers.org/bookmarklets.html
BMlets – http://optools.awardspace.com/bmlet.htmlHuge list of bookmarklets – http://www.squarefree.com/bookmarklets/Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality – http://www.blummy.com/Bookmarklets every blogger should have – http://www.micropersuasion.com/2005/10/bookmarklets_ev.htmlFlat Bookmark Editing (Firefox Add-on) – http://n01se.net/chouser/proj/mozhack/OpenBook and Update Bookmark (Firefox Add-ons) – http://www.chuonthis.com/extensions/SSL certificate checking / scanning
[ZIP] THCSSLCheck – http://thc.org/root/tools/THCSSLCheck.zip
[ZIP] Foundstone SSLDigger – http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zipCert Viewer Plus (Firefox Add-on) – https://addons.mozilla.org/firefox/1964/Honeyclients, Web Application, and Web Proxy honeypots
Honeyclient Project: an open-source honeyclient – http://www.honeyclient.org/trac/
HoneyC: the low-interaction honeyclient – http://honeyc.sourceforge.net/Capture: a high-interaction honeyclient – http://capture-hpc.sourceforge.net/Google Hack Honeypot – http://ghh.sourceforge.net/PHP.Hop – PHP Honeynet Project – http://www.rstack.org/phphop/SpyBye – http://www.monkey.org/~provos/spybye/Honeytokens – http://www.securityfocus.com/infocus/1713Blackhat SEO and maybe some whitehat SEO
SearchStatus (Firefox Add-on) – http://www.quirk.biz/searchstatus/
SEO for Firefox (Firefox Add-on) – http://tools.seobook.com/firefox/seo-for-firefox.htmlSEOQuake (Firefox Add-on) – http://www.seoquake.com/Footprinting for web application security
Evolution – http://www.paterva.com/evolution-e.html
GooSweep – http://www.mcgrewsecurity.com/projects/goosweep/Aura: Google API Utility Tools – http://www.sensepost.com/research/aura/Edge-Security tools – http://www.edge-security.com/soft.phpFierce Domain Scanner – http://ha.ckers.org/fierce/Googlegath – http://www.nothink.org/perl/googlegath/Advanced Dork (Firefox Add-on) – https://addons.mozilla.org/firefox/2144/Passive Cache (Firefox Add-on) – https://addons.mozilla.org/firefox/977/CacheOut! (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1453/BugMeNot Extension (Firefox Add-on) – http://roachfiend.com/archives/2005/02/07/bugmenot/TrashMail.net Extension (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1813/DiggiDig (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2819/Digger (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1467/Database security assessment
Scuba by Imperva Database Vulnerability Scanner – http://www.imperva.com/scuba/
Browser Defenses
DieHard – http://www.diehard-software.org/
LocalRodeo (Firefox Add-on) – http://databasement.net/labs/localrodeo/NoMoXSS – http://www.seclab.tuwien.ac.at/projects/jstaint/Request Rodeo – http://savannah.nongnu.org/projects/requestrodeoFlashBlock (Firefox Add-on) – http://flashblock.mozdev.org/CookieSafe (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2497NoScript (Firefox Add-on) – http://www.noscript.net/FormFox (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1579/Adblock (Firefox Add-on) – http://adblock.mozdev.org/httpOnly in Firefox (Firefox Add-on) – http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.htmlSafeCache (Firefox Add-on) – http://www.safecache.com/SafeHistory (Firefox Add-on) – http://www.safehistory.com/PrefBar (Firefox Add-on) – http://prefbar.mozdev.org/All-in-One Sidebar (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1027/QArchive.org web file checker (Firefox Add-on) – https://addons.mozilla.org/firefox/4115/Update Notified (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2098/FireKeeper – http://firekeeper.mozdev.org/Greasemonkey: XSS Malware Script Detector – http://yehg.net/lab/#tools.greasemonkeyBrowser Privacy
TrackMeNot (Firefox Add-on) – https://addons.mozilla.org/firefox/3173/
Privacy Bird – http://www.privacybird.com/Application and protocol fuzzing (random instead of targeted)
Sulley – http://fuzzing.org/
taof: The Art of Fuzzing – http://sourceforge.net/projects/taof/zzuf: multipurpose fuzzer – http://sam.zoy.org/zzuf/autodafé: an act of software torture – http://autodafe.sourceforge.net/EFS and GPF: Evolutionary Fuzzing System – http://www.appliedsec.com/resources.html
转载地址:http://dyqmb.baihongyu.com/