Websecurify 0.8Beta1

Posted January 6th, 2011. Filed under Security Stuff


Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

Some of the main features of Websecurify include:
* Available for all major operating systems (Windows, Mac OS, Linux)
* Simple-to-use user interface
* Built-in internationalization support
* Easily extensible with the help of add-ons and plugins
* Exportable and customisable reports with any level of detail
* Modular and reusable design
* Powerful manual testing tools and helper facilities
* Powerful analytical and scanning technology
* Scriptable support for JavaScript and Python
* Extensible via many languages including JavaScript, Python, C, C++ and Java

Download : http://code.google.com/p/websecurify/downloads/list

Official website : http://websecurify.com/

In his demonstration at 7Safe’s IT Security Knowledge Share Evening, consultant Aleksander Gorkowienko showed the audience a real-life exploitation scenario of an XSS flaw, one of the vulnerabilities most frequently found during everyday penetration testing. The live demo illustrated how an attacker may exploit a Persistent Cross-Site Scripting flaw, steal a user’s cookie, then take over his session and access sensitive information (e.g. bank statements).


Lens Version 1.0.0.1

Posted May 21st, 2010. Filed under Security Stuff

About Lens


Lens is an open-source ethical hacking tool specialized for penetration testing of ASP.NET web applications. Lens is written in WPF 4, and its internal modular architecture allows us to easily add new tests to the system.


You can use our Lens tool to test your site against the following attacks.


* Session state
    o Eavesdropping
    o Session fixation (available in v.1.0.0.1)
* Forms authentication
    o Eavesdropping
* ViewState
    o Eavesdropping (available in v.1.0.0.1)
    o Information disclosure (available in v.1.0.0.1)
    o Event handler bypass
* Event handling
    o Postback to disabled controls
    o Postback to invisible controls
* One-click attack



System Requirements


.NET Framework 4 (Full Profile)


Download : http://ethicalhackingaspnet.codeplex.com/

x5s Automated XSS Testing Assistant

Posted April 7th, 2010. Filed under Security Stuff


x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. By auto-injecting special character probes, x5s can detect where an emitted character may be ill-encoded or transformed and vulnerable to XSS attacks. The methodology used by x5s is to inject small probes which do not constitute a working XSS payload. In other words, x5s will not inject XSS payloads anywhere; it merely aims to identify character encoding and transformation issues that lead to XSS.

The x5s tool will automate testing all of the GET and POST input parameters on the target application, then present the findings in a grid-display for quick visual analysis. The tool goes further by auto-injecting special characters (e.g. higher Unicode, overlong UTF-8) to detect transformations that could lead to XSS. x5s has an extensible design allowing for custom request parsers to be quickly implemented. For example, if the target application uses some custom XHR request format that resembles a hybrid between JSON and RPC, you could implement a parser so all of those inputs would be properly tested.
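The encoding check described above, sketched in Python as an added example; this is not x5s code. It assumes each probe character is sent directly after a unique marker string (`MARKER`, a constructed value) so its reflection can be located, the response fragments are constructed samples, and only the higher-Unicode case is covered, not overlong UTF-8.

```python
import html
import re
import unicodedata
from urllib.parse import quote

MARKER = "zqxprobe"  # constructed marker, assumed to be sent right before each probe
MARKUP = set("<>\"'&")  # characters that are significant in HTML output
ENTITY = re.compile(r"&(?:#x?[0-9A-Fa-f]+|[A-Za-z]+);")

def classify(body, probe):
    """Report how the character sent after MARKER came back in the response body."""
    at = body.find(MARKER)
    if at < 0:
        return "not-reflected"
    tail = body[at + len(MARKER):][:16]
    percent = quote(probe, safe="")
    if percent != probe and tail.upper().startswith(percent.upper()):
        return "url-encoded"
    entity = ENTITY.match(tail)
    emitted = html.unescape(entity.group(0)) if entity else tail[:1]
    form = "html-encoded" if entity else "raw"
    if emitted == probe:
        return form
    if emitted == unicodedata.normalize("NFKC", probe):
        return "transformed" if form == "raw" else "transformed, html-encoded"
    return "dropped-or-replaced"

def is_finding(probe, verdict):
    """Raw markup, or a lookalike folded into raw markup, needs an encoding fix."""
    if verdict == "raw":
        return probe in MARKUP
    if verdict == "transformed":
        return unicodedata.normalize("NFKC", probe) in MARKUP
    return False

# Constructed sample data: (parameter, probe sent, response fragment).
SAMPLES = [
    ("q", "<", '<p>Results for zqxprobe&lt;</p>'),
    ("name", "<", '<input value="zqxprobe<">'),
    ("lang", "\uff1c", '<div>zqxprobe<</div>'),  # fullwidth '<' folded to ASCII
    ("ref", "\uff1c", '<a href="/?r=zqxprobe%EF%BC%9C">'),
]

def audit(samples):
    """Return (parameter, verdict) for every reflection that is a finding."""
    results = [(p, probe, classify(body, probe)) for p, probe, body in samples]
    return [(p, v) for p, probe, v in results if is_finding(probe, v)]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

The `lang` row is the case a plain encoding review misses: the input contained no ASCII `<`, yet the output does, so the fix belongs at output encoding rather than input filtering.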

Download and more info: http://xss.codeplex.com
