Web H4cker t00ls List

Free Web Security Scanning Tools
Nikto
N-Stalker NStealth Free Edition
Burp Suite
Paros Proxy
OWASP Webscarab

SQL Injection
SQL Power Injector by Francois Larouche
Bobcat (based on “Data Thief” by Application Security, Inc.).
Absinthe – free blind SQL injection tool
SQLInjector by David Litchfield
NGS Software database tools

Cross-Site Scripting (XSS)
RSnake’s XSS Cheat Sheet
XSS-Proxy

IE Extensions for HTTP Analysis
TamperIE
IEWatch
IE Headers
IE Developer Toolbar
IE 5 Powertoys for WebDevs

Firefox Extensions for HTTP Analysis
LiveHTTP Headers
Tamper Data
Modify Headers

HTTP/S Proxy Tools
Paros Proxy
WebScarab
Fiddler HTTP Debugging Proxy
Burp Intruder
WatchFire PowerTools

Command-line HTTP/S Tools
cURL
Netcat
Sslproxy
Openssl
Stunnel

Sample Applications
Bayden Systems’ “sandbox” online shopping application
Foundstone Hacme Bank and Hacme Books

Web Site Crawling/Mirroring Tools
Lynx
Wget
Teleport Pro
Black Widow
Offline Explorer Pro

Profiling
HTTPrint for fingerprinting web servers
Jad, the Java Dissasembler
Google search using “+www.victim.+com” 
Google search using 損arent directory? robots.txt

Web Platform Attacks and Countermeasures
Microsoft IIS Security Bulletins and Advisories
Apache Security Bulletins
Metasploit Framework
Microsoft URLScan
Apache ModSecurity

Commercial Web App Vulnerability Scanners
Acunetix Enterprise Web Vulnerability Scanner
Cenzic Hailstorm
Ecyware GreenBlue Inspector
Syhunt Sandcat Suite
SPI Dynamics WebInspect
Watchfire AppScan
NTObjectives NTOSpider
Compuware DevPartner SecurityChecker
WhiteHat Security

Web Authentication Attack Tools
Brutus AET2
Hydra
WebCracker
NTLM Authentication Proxy Server (APS)

XML Web Services (SOAP)
WebService Studio
WSDigger
SoapClient.com
XML eXternal Entity (XXE) Attack
XPath Injection
Blind XPath Injection” by Amit Klein

Chapter 8, Achieving Stealth and Maintaining Presence
F-Secure Blacklight
GMER Rootkit Detection Tool
RKUnhooker Rootkit Detection Tool created by authors of Unreal.A rootkit 
WinObj v2.15
Streams v1.56
Using Driver Verifier to Troubleshoot Windows 2000 Device Drivers

Chapter 9: Hacking SQL Server
Paros Proxy
Absinthe
BobCat
Sqlninja
SQL Power Injector
Achilles
OWASP WebScarab
Sqlpoke, sqlbf, sqldict, and assorted dictionaries
SQLPing

http://hi.baidu.com/sker520/blog/item/2309e7d3454d7b083bf3cf21.html

发表评论

电子邮件地址不会被公开。

您可以使用这些HTML标签和属性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>