2012-07-23 319550人围观 ,发现 13 个不明物体 WEB安全文章


XSS Rays
Complete XSS reversing/scanner tool. Find how a site is filtering code, check for injections and inspect objects.
XSS Rays is a security tool to help pen test large web sites. It’s core features include a XSS scanner, XSS Reverser and
object inspection. Need to know how a certain page filters output? Don’t have the source? No problem. XSS Rays will
blackbox reverse a XSS filter without needing the source code.

Google Hack Data Base
Google Hack Data Base – application to work with GHDB. Choose a category and click on the necessary query. To find description vulnerability, click “Search on”. Application provides possibility to search vulnerabilities on the specified site. Just click on the search button and enter the site name. This application allows a better understanding of the basis web security.

Websecurify Scanner

Websecurify 是一个强大的跨平台web安全测试工具

 Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.Websecurify saves you time and money by automating a tiresome and very technical process used by experts to find scary security vulnerabilities.

HPP Finder
HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible of parameter pollution, but it is not a complete solution against HPP.

Form Fuzzer
HTML form fuzz tester. 用于做HTML表单的FUZZ
This is a fuzz testing, utility created to assist in populating web forms with some random data.

Site Spider

Website Crawler 网站爬虫
Use this extension to spider a website looking for dead links. One can restrict the spidering to a directory, a domain, or any other regular expression. The spider can also follow one link beyond this restriction, allowing one to find broken external links.

Chrome Extension Exploitation Framework一个基于Chrome渗透测试框架,你可以理解成BeEF的chrome版
This is a Chrome Extension Exploitation Framework – think BeEF for Chrome extensions. Whenever you encounter a XSS vulnerability in Chrome extension, ChEF will ease the exploitation. 


已有 13 条评论