Section: .. / web /
| /// File Name: |
FormScalpelv1.0.11BETA.zip |
Description:
|
Form Scalpel v1.0.11 for Windows is designed to help security professionals assess the resilience of a web site's forms to various forms of attack. Given the growing sophistication and variety of sites and development techniques utilized, a generic tool specifically aimed at making this job easier was required. Thus "Form Scalpel" was born. The tool automatically extracts the forms from a given web page and splits out all fields for editing and manipulation, making it a simple task to formulate detailed GET and POST requests. The application supports HTTP and HTTPS connections and will function over proxy servers.
| | Author: | Curryman | | Homepage: | http://ugc.org.uk/~curryman | | File Size: | 2740611 | | Last Modified: | Sep 20 00:40:47 2001 |
| MD5 Checksum: | cc2ae1b4a6b71dd864d1bab764dc9e8c |
|
| /// File Name: |
corkscrew-2.0.tar.gz |
Description:
|
corkscrew is a small program for tunneling SSH through HTTP proxies. It features easy configuration and support for several Unix variants.
| | Homepage: | http://www.agroman.net/corkscrew/ | | Changes: | Added support for basic HTTP authentication. | | File Size: | 56749 | | Last Modified: | Aug 28 03:11:11 2001 |
| MD5 Checksum: | 35df77e7f0e59c0ec4f80313be52c10a |
|
| /// File Name: |
http_filter.tar.gz |
Description:
|
HTTP Filter v1.4 is an HTTP tunnel with filtering and multiplexing which sits in front of not-so-secure Web servers (like IIS). It accepts requests, applies a set of rules to them, and allows the requests to be passed through to the back-end Web server only if they pass all filters.
| | Homepage: | http://glob.com.au/http_filter | | Changes: | An issue with HTTP/1.1 persistent connections was resolved. Previous versions only applied filtering to the first request of the connection. | | File Size: | 10605 | | Last Modified: | Aug 26 01:08:23 2001 |
| MD5 Checksum: | 8682dd9a95b52c6ad1e5625dec7690e8 |
|
| /// File Name: |
achilles-0-27.zip |
Description:
|
Achilles is a tool for Windows designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
| | Homepage: | http://www.digizen-security.com/projects.html | | File Size: | 433167 | | Last Modified: | Aug 16 01:06:47 2001 |
| MD5 Checksum: | 53c77733109f3d7b33a5143703e8cf05 |
|
| /// File Name: |
corkscrew-1.4.tar.gz |
Description:
|
corkscrew is a small program for tunneling SSH through HTTP proxies. It features easy configuration and support for several Unix variants.
| | Homepage: | http://www.agroman.net/corkscrew/ | | Changes: | Fixed bug causing corkscrew not to run on Solaris and HPUX. | | File Size: | 55610 | | Last Modified: | Apr 22 15:56:24 2001 |
| MD5 Checksum: | 948d1c97029011f78e034a55feef9a58 |
|
| /// File Name: |
transconnect-0.3-beta.tar.gz |
Description:
|
TransConnect is an implementation of function interposing to allow users behind an HTTP proxy (which allows https) to use networking applications like telnet, ssh, fetchmail, irc, whois, etc. as if they were directly connected to the Internet.
| | Homepage: | http://transconnect.sourceforge.net | | Changes: | Support for FreeBSD, NetBSD, OpenBSD, and SunOS in addition to Linux. Testing was done on Linux, SunOS 5.7, and FreeBSD. | | File Size: | 8515 | | Last Modified: | Apr 22 14:36:38 2001 |
| MD5 Checksum: | aaa42c4eb1900aa8c5c3f569e2a3d4aa |
|
| /// File Name: |
webspider_1.1.pl |
Description:
|
Webspider v1.1 is a Perl script that, when given a start page, will "follow" every link it finds, scanning the HTML code for the use of CGIs. WebSpider will report every CGI used by a webmaster in seconds.
| | Author: | T-Omicron | | Homepage: | http://t-omicr0n.hexyn.be | | File Size: | 6419 | | Last Modified: | Apr 20 21:18:23 2001 |
| MD5 Checksum: | 84f662378857cb44c6ad1c862b682e26 |
|
| /// File Name: |
corkscrew-1.3.tar.gz |
Description:
|
corkscrew is a small program for tunneling SSH through HTTP proxies. It features easy configuration and support for several Unix variants.
| | Homepage: | http://www.agroman.net/corkscrew/ | | File Size: | 55361 | | Last Modified: | Apr 15 15:04:17 2001 |
| MD5 Checksum: | c61f469224ac97ed231e355ea671afd8 |
|
| /// File Name: |
comclear-1.2.tar.gz |
Description:
|
ComClear is a history cleaner for Netscape Navigator and Communicator which allows a user to choose from deleting the cache, cookies, history, and drop-down list. Comclear has both a command-line version and a GTK+ version, the latter of which is run automatically when ComClear is run from an X session.
| | Homepage: | http://www.neuro-tech.net/comclearu.xml | | Changes: | This release has better RPM packaging, and a GNOME application link. | | File Size: | 43157 | | Last Modified: | Apr 15 14:42:11 2001 |
| MD5 Checksum: | ace74974ceef363fb895815ea7b2fd83 |
|
| /// File Name: |
Liskit_1.6.zip |
Description:
|
Liskit is a tool for finding directory traversal bugs in webservers by trying to download a file called "a", placed outside of the webroot. Liskit has found directory traversals in several webservers.
| | Author: | T-Omicron | | Homepage: | http://t-Omicr0n.hexyn.be | | File Size: | 3468 | | Last Modified: | Apr 8 21:12:15 2001 |
| MD5 Checksum: | 68b2ec72088692a4e759b22eb156aec5 |
|
| /// File Name: |
cgiproxy.1.4.1-SSL.tar.gz |
Description:
|
CGIProxy is a Perl CGI script that acts as an Internet proxy. Through it, you can retrieve resources that may be inaccessible from your own machine. No user info is transmitted, so it can be used as an anonymous proxy. HTTP and FTP are supported. Options include text-only browsing (to save bandwidth), selective cookie and script removal, simple ad filtering, encoded target URLs, configuration by end user, and more.
| | Homepage: | http://www.jmarshall.com/tools/cgiproxy/ | | Changes: | This release runs 15% faster, fixes bug with meta "refresh" tags causing duplicate entry forms, and fixes another entry form bug. | | File Size: | 94105 | | Last Modified: | Mar 9 21:38:22 2001 |
| MD5 Checksum: | 8dc0cad35f429db6d902b0c3b2524b45 |
|
| /// File Name: |
cgiproxy.1.4.1.tar.gz |
Description:
|
CGIProxy is a Perl CGI script that acts as an Internet proxy. Through it, you can retrieve resources that may be inaccessible from your own machine. No user info is transmitted, so it can be used as an anonymous proxy. HTTP and FTP are supported. Options include text-only browsing (to save bandwidth), selective cookie and script removal, simple ad filtering, encoded target URLs, configuration by end user, and more.
| | Homepage: | http://www.jmarshall.com/tools/cgiproxy/ | | Changes: | This release runs 15% faster, fixes a bug with meta "refresh" tags causing duplicate entry forms, and fixes another entry form bug. | | File Size: | 49038 | | Last Modified: | Mar 9 21:37:08 2001 |
| MD5 Checksum: | 4269d23d3796f14654fb19983a90fd8a |
|
| /// File Name: |
mod_id_1.0.tar.gz |
Description:
|
Mod_Id is an interesting Apache module which acts as an IDS, watching for suspicious URLs.
| | Author: | Burak | | Homepage: | http://www.hacettepe.edu.tr/~burak | | File Size: | 31774 | | Last Modified: | Feb 27 02:19:40 2001 |
| MD5 Checksum: | 695e16ef65ffaf086eaca589a1f92212 |
|
| /// File Name: |
deluge-0.9.11.tar.gz |
Description:
|
Deluge is a Web site stress testing tool designed to mimic different types of users/customers. Simulated users can be robotic (various wandering types), or script-based. Scripts are recorded using an included proxy server, and support variables for variation during multiple attacks. An evaluation program is also included to turn the large resulting log files into useful, readable data.
| | Homepage: | http://sourceforge.net/projects/deluge | | File Size: | 222051 | | Last Modified: | Feb 4 22:11:15 2001 |
| MD5 Checksum: | 12ee7d3268d92ca21a35946446cd17e4 |
|
| /// File Name: |
swiftsurf.tar.gz |
Description:
|
SwiftSurf v1.01 is an HTTP proxy that lets you do a lot of things. You can spy, filter, and modify the HTTP requests that your browser sends, as well as the answers it receives. Some of its possible uses include filtering ads, limiting access to a specific domain, or suppressing cookies.
| | Homepage: | http://pauillac.inria.fr/~ailleret/prog/swiftsurf/index-eng.html | | File Size: | 18199 | | Last Modified: | Jan 15 02:06:47 2001 |
| MD5 Checksum: | 4840088e4e843dfa9867c966260e43af |
|
| /// File Name: |
pudding01.tar.gz |
Description:
|
Pudding is a proxy which recodes HTTP requests using most of RFP's IDS evasion encoding methods, plus random UTF-8 encoding support. It allows any web-aware program/exploit/cgi-scanner to evade IDS without modification of the original code. Encoding methods include all uppercase, hex encoding, /./ directory insertion, fake parameters, premature URL endings, Windows delimiters, and random UTF-8 encoding.
| | Author: | Roelof Temmingh | | Homepage: | http://www.sensepost.com | | File Size: | 6236 | | Last Modified: | Jan 12 19:40:35 2001 |
| MD5 Checksum: | c59f537e8c2babca36afbce55c28089b |
|
| /// File Name: |
redir-httpd.c |
Description:
|
redir-httpd is an ultra-minimalist, non-RFC-compliant HTTP server that will ONLY issue redirects to another site. It's good for running on home systems that have permanent connectivity (i.e. DSL and cable-modem subscribers). It should be short enough to be easily understood (and thus audited for potential security issues), and still fairly robust.
| | Homepage: | http://www.technopagan.org | | File Size: | 5421 | | Last Modified: | Jan 8 18:45:27 2001 |
| MD5 Checksum: | 2d3c8337450315d0a149061df88218be |
|
| /// File Name: |
nncookct.zip |
Description:
|
Netscape Navigator Cookie Cutter lets you choose which cookies to use under Windows Netscape.
| | Homepage: | http://www.roninsg.com/nncookct.htm | | File Size: | 77496 | | Last Modified: | Jan 1 00:35:31 2001 |
| MD5 Checksum: | 86e6e99134299a355ec53ba16ceab2d4 |
|
| /// File Name: |
sslclient.tar.gz |
Description:
|
The SSL client stress tool is a small program which is capable of stress testing any SSL-based server. It has been tested with Apache+mod_ssl and IIS. It can be easily modified to stress test any custom SSL implementation, and can also stress test static-page HTTP servers.
| | Homepage: | http://sslclient.sourceforge.net | | File Size: | 953451 | | Last Modified: | Dec 31 00:51:18 2000 |
| MD5 Checksum: | 543b9c72c39fd59fb7f3d6dbdeb61e30 |
|
| /// File Name: |
hhp-webinfo.pl |
Description:
|
This little utility will use a public service (Netcraft) to check the web server version and operating system of a remote host.
| | Author: | Loophole | | Homepage: | http://www.hhp-programming.net | | File Size: | 1262 | | Last Modified: | Dec 30 22:22:56 2000 |
| MD5 Checksum: | a5cdbc365ef4c4de7316495a0af1d224 |
|
| /// File Name: |
elza-1.4.7-beta.zip |
Description:
|
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools. As a result, one can hijack heavily protected HTML forms, perform dictionary attacks on login forms, and do sophisticated CGI scanning.
| | Author: | Philip Stoev | | Homepage: | http://phiphi.hypermart.net/pub/ | | Changes: | Beta release - Includes some new features. | | File Size: | 85719 | | Last Modified: | Dec 21 18:11:51 2000 |
| MD5 Checksum: | 69e706ec55eae97e6246d661df5e5d59 |
|
| /// File Name: |
Achilles-0-16-b.zip |
Description:
|
Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. When in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
| | Homepage: | http://www.digizen-security.com/projects.html | | File Size: | 415805 | | Last Modified: | Dec 21 18:08:05 2000 |
| MD5 Checksum: | f97848d8b940fc4115a5457a1dde15aa |
|
| /// File Name: |
pixpirate.pl |
Description:
|
Pixpirate.pl will go to a source URL, download all other sub-URLs from an index of URLs, then go to each of those source URLs, downloading every jpg file that it comes into contact with.
| | Author: | Ajax | | Homepage: | http://users.dhp.com/~ajax/code/ss | | File Size: | 12166 | | Last Modified: | Dec 2 19:10:56 2000 |
| MD5 Checksum: | dd5c3e955dc00e9e2c75f59d05543ddc |
|
| /// File Name: |
arse.c |
Description:
|
Arse.c brute forces valid logins from many default Apache installations by checking if the server returns a 404 or a 403.
| | Author: | Incubus | | Homepage: | http://www.securax.org/incubus | | File Size: | 2797 | | Last Modified: | Aug 10 17:02:55 2000 |
| MD5 Checksum: | 4083f4193e367934ca70f6c6efedd353 |
|
| /// File Name: |
sendfile.pl |
Description:
|
sendfile.pl is a tool which uses echo to send files to any webserver which has an unchecked open() call in a cgi script.
| | Author: | Vade79 | | Homepage: | http://www.realhalo.org | | File Size: | 3066 | | Last Modified: | May 14 02:32:18 2000 |
| MD5 Checksum: | 33971fcef545107c5761f80bcf94e386 |
|