Tool | URL | Description |
---|---|---|
9x CGI Bug Finder | http://www.zone-h.com/en/download/category=71/ | A tool to scan a host for CGI bugs. |
Apache Scanner | http://www.zone-h.com/en/download/category=71/ | An Apache vulnerability scanner. |
Babelweb | http://www.zone-h.com/en/download/category=28/ | A program that automates tests on an HTTP server. Babelweb follows links and HTTP redirects, but it is programmed to remain on the original server. |
Burp proxy | http://portswigger.net/proxy/ | An interactive HTTP/S proxy server for attacking and debugging web-enabled applications. It operates as a MITM between the end browser and the target web server. It also allows the user to intercept, inspect, and modify the raw traffic passing in both directions. |
Domino Web Server Scanner | http://www.zone-h.com/en/download/category=71/ | A vulnerability scanner for Domino web servers. |
DW PHP Scanner | http://www.zone-h.com/en/download/category=71/ | A vulnerability scanner that checks for PHP vulnerabilities on web servers. |
httprint | http://net-square.com/httprint/index.html | httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they might have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. |
IIS Security Scanner | http://www.zone-h.com/en/download/category=71/ | A vulnerability scanner for Microsoft IIS servers. |
Nikto | http://www.zone-h.com/en/download/category=71/ | A web server scanner that performs comprehensive tests against web servers for multiple items, including more than 2200 potentially dangerous files/CGIs, versions on more than 140 servers, and problems on more than 210 servers. |
PHPNuke | http://www.zone-h.com/en/download/category=71/ | Scans for vulnerable PHP servers. |
PHPBB Vulnerability Scanner | http://www.zone-h.com/en/download/category=71/ | A PHP vulnerability scanner. |
PTwebdav buffer overflow checker | http://www.zone-h.com/en/download/category=71/ | A remote WebDAV buffer overflow checker. |
TWWWScan | http://www.zone-h.com/en/download/category=71/ | A Windows-based www vulnerability scanner that looks for 400 www/cgi vulnerabilities. |
Unicodeuploader.pl | http://www.sensepost.com | A Perl script that exploits vulnerable web servers and uploads files. |
URL Checker | http://www.zone-h.com/en/download/category=71/ | A CGI scanner that checks for more than 700 vulnerabilities. |
VoidEye CGI Scanner | http://www.zone-h.com/en/download/category=71/ | A CGI scanner. |
Wfetch | http://support.microsoft.com/support/kb/articles/Q284/2/85.ASP | A utility included with the IIS 6.0 Resource Kit from Microsoft. You can use this utility to retrieve files from a web server to test them for vulnerabilities. |
Whisker | http://www.wiretrip.net/rfp | A CGI scanner. |
WinSSLMiM (includes FakeCert) | http://www.zone-h.com/en/download/category=28/ | WinSSLMiM is an HTTPS MITM attacking tool. It includes FakeCert, a tool to make fake certificates. |