Posts Tagged ‘web-hacking-tool’

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Features

  • Intercepting proxy
  • Automated scanner
  • Passive scanner
  • Spider

Next Release

The next release of OWASP ZAP, planned for later this year, is expected to include:

  • OWASP rebranding
  • Improvements to the passive and active automated scanners
  • Improvements the Spider
  • The addition a basic port scanner
  • The ability to brute force files and directories (using components from DirBuster)

ZAP is actually a fork from Paros Proxy.

Cross Platform – ZAP_1.0.0b_installation.tar.gz
Windows Installer – ZAP_1.0.0_installer.exe

more info

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a webpage.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injection vulnerable targets using Havij.

The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

Havij - SQL Injection Tool

There is a free version available and also a more fully-featured commercial edition available here.

You can download Havij v1.12 Free Edition here:

Havij1.12Free.rar

Or read more here.

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.

Features

  • Full support for GET/Post/Cookie Injection
  • Full support for HTTP Basic, Digest, NTLM and Certificate authentications
  • Full support for MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, Sybase & Sqlite
  • Full support for Error/Union/Blind/Force SQL injection
  • Support for file access, command execute, IP domain reverse, web path guess, md5 crack etc.
  • Super bypass WAF

more info & download