Samurai Web Testing Framework is a toolkit built for people interested in web application security and in pentesting web applications. It was developed at InGuardians, a company specializing in security. What I liked about it is that it focuses on one specific area, which lets it stand out among its peers. The tools are assembled on GNU/Linux, on an Ubuntu base; the CD runs as a Live CD with no installation, and it can also be installed to the hard disk with very little effort.
The CD contains a great set of tools, including:
DirBuster, an application file and directory enumeration and brute forcing tool from OWASP
Fierce Domain Scanner, a target enumeration utility
Gooscan an automated Google querying tool that is useful for finding CGI vulnerabilities without scanning the target directly, but rather querying Google’s caches
Grendel-Scan, just released, an open source web application vulnerability testing tool
HTTP_Print a web server fingerprinting tool
Maltego CE, an open source intelligence and forensics application that does data mining to find information from the internet and link it together (great for background research on a target).
Nikto, an open source web server scanner
Paros, one of my favorites, a Java-based, cross-platform web application auditing and proxy tool
Rat Proxy, a semi-automated, passive web application security audit tool.
Spike Proxy, an extensible web application analyzer and vulnerability scanner.
SQLBrute, a SQL injection and brute forcing tool.
w3af (and the GUI), a web application attack and audit framework.
Wapiti, a web application security auditor and vulnerability scanner
WebScarab, an HTTP application auditing tool from OWASP
WebShag, a web server auditing tool
Zenmap, an Nmap graphical front end
dnswalk, a DNS query and zone transfer tool
httping, a ping like utility for HTTP requests
httrack, a website copying utility.
john the ripper, a password cracking program
netcat, a TCP/IP swiss army knife
nmap, a port scanner and OS detection tool
siege, an HTTP stress tester and benchmarking tool.
snarf, a lightweight URL fetching utility
and many other tools, which I will leave for you to explore.
Samurai Web Testing Framework