Hardanger – Web Application Penetration Testing (ALPHA)

Hardanger is an Open Source web application penetration testing tool led by security researchers from SecurityWire. The project aims to bridge the gap between current open source web application testing tools commonly used in a Linux environment and bring the same level of tools to native Windows based platforms. Most tools in this category are currently written in Java, C or python and provide a “different” user experience. Hardanger aims to deliver a user friendly experience for web application penetration testing by building tools on top of the excellent Fiddler2 web debugger.

The project deliverable will be a Fiddler2 addon dll written in C# that is easily installed using a .msi installer. A standalone application is also be available for users that do not want the integrated Fiddler2 experience. Hardanger will be architected so it can be easily expanded to add functionality. The first version will only include a simple HTTP(S) GET and POST Parameter fuzzer but will have built a foundation where it is trivial to plug in additional fuzzers engines as well as other features. Once server fuzzing is perfected and state of the art, this project will continue to add new features such as a web browser fuzzer, brute force tool, manual tampering, crawler, passive vulnerability detection, etc.

Download in here