sitecheck : Modular web site spider for web developers.

Spiders a website and logs many common problems including missing resources (HTTP 400), server errors (HTTP 500), slow pages, looping redirects, missing meta tags, duplicate content and potential SQL injection/cross-site scripting (XSS) vulnerabilities.

Various informational modules are also available including the logging of email addresses, IP addresses, comments in the HTML, spelling mistakes, W3C validation errors, accessibility issues, and low scores on the Flesch Reading Ease test.

Features

  • Authentication by HTTP form submission
  • Suspend and resume
  • Download and save a site
  • Highly configurable with support for multiple profiles
  • Modular processing of responses
  • Checks for some common DNS issues
  • Includes inbound links from search engines


BBQSQL is a blind SQL injection framework written in Python.

Change in the current release: fixes the help menu.
Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Overview of Readme
We tried to write the tool in such a way that it would be very self-explanatory when setting up an attack in the UI. However, for the sake of thoroughness we have included a detailed Readme that should provide you additional insight on the specifics of each configuration option. One thing to note is that every configuration option in the UI has a description associated with it, so if you do choose to fire up the tool without reading this page you should be able to hack your way through an attack.

High Level Usage
As with other SQL injection tools, you provide certain request information.

You must provide the usual information:

  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies

Then specify where the injection is going and what syntax we are injecting. Read on for details.

Install
After you pull the tool from GitHub, you can install it simply by typing:

python setup.py install


Update Hiawatha V-8.3


Hiawatha is a secure and advanced Web server for Unix. It has been written with security as its main goal. It features a rootjail, the ability to run CGIs under any UID/GID you want, prevention of SQL injection and cross-site scripting, banning of clients who try such exploits, and many other features. These features make Hiawatha an interesting Web server for those who need more security than what the other available Web servers are offering. Hiawatha is also fast and easy to configure.

Release notes, 8.3 (23 May 2012): This release adds reverse proxy functionality.

Download:
Unix/Linux: hiawatha-8.3.tar.gz
Windows: hiawatha-8.3.zip
MacOS: hiawatha-8.3.dmg
Read more: http://www.hiawatha-webserver.org/

SQLSentinel v0.1 beta – Open-source tool for SQL injection security testing

SQLSentinel is an open-source tool that automates the process of finding SQL injection on a website. SQLSentinel includes a web spider and an SQL error finder. You give a site as input, and SQLSentinel crawls it and tries to exploit parameter validation errors for you. When the job is finished, it can generate a PDF report that contains the vulnerable URLs found and the URLs crawled.
Please remember that SQLSentinel is not an exploitation tool. It can only find vulnerable URLs.

Download latest version: SQLSentinel_v_0.1_beta.zip (1.9 MB)
Read more: https://sourceforge.net/p/sqlsentinel

Scanner Atomic 1.0 – Website Scanner

Features
[*] Capture dynamic sites by dork.

[*] Capture links from a given site.

[*] Test for SQL injection vulnerability in the captured sites.

[*] Hash detection (encryption).

[*] Brute force to break encryption.

[*] Base64 decoding.

Original language: Portuguese

Platform : Windows
Download Latest Version : scanner atomic – instala__o.exe (2.0 MB)

sitecheck v1.4 – Modular web site spider for web developers.

Checks for many common problems including missing documents (HTTP 400), server errors (HTTP 500), spelling mistakes, W3C validation errors, accessibility issues, missing meta tags, duplicate content, inbound links from search engines and potential SQL injection/cross-site scripting (XSS).

Features

  • Authentication by HTTP form submission
  • Suspend and resume
  • Download and save a site
  • Highly configurable
  • Modular design
  • Checks for some common DNS issues

For installation and usage instructions, please see README.txt.

Platform : Windows & Linux

Download :
Windows : sitecheck-1.4.zip (36.8 KB) | Linux : sitecheck-1.4.tar.gz (31.8 KB)

Read more: http://sitecheck.sourceforge.net/

Update WebSploit v1.3 – Open-source tool for scanning and analyzing vulnerabilities

WebSploit is an open-source project for scanning and analyzing remote systems for vulnerabilities.

Description:
[+] Autopwn – used from Metasploit to scan and exploit a target service
[+] wmap – scan and crawl a target, used from the Metasploit wmap plugin
[+] format infector – inject reverse and bind payloads into a file format
[+] phpmyadmin – search for the target's phpMyAdmin login page
[+] lfi – scan for and bypass local file inclusion vulnerabilities; can bypass some WAFs
[+] apache users – search the server's username directories (if it uses the Apache web server)
[+] Dir Bruter – brute-force target directories with a wordlist
[+] admin finder – search for the target's admin and login pages
[+] MLITM Attack – Man Left In The Middle, XSS phishing attacks
[+] MITM – Man In The Middle attack


Platform : Unix/Linux

Download V1.3 : websploit-v 1.3.zip (1.1 MB)

Read more: http://code.google.com