Potential Tool List
From OWASP Live CD 2008
Potential Tools for the OWASP Live CD 2008
There are a ton of places to find security tools, even if you narrow the field to web applications. I gathered so many that I decided to break them up into a few groups:
- Tools listed in the OWASP Testing Guide v2 (70 tools)
- Other potential tools that I know, use, like, etc. (51 tools)
- Tools from the Phoenix Tools list on the OWASP site (210 tools)
I plan on adding the tools from the OWASP Testing Guide v3 when it comes out. Also, where a tool would have appeared on multiple pages, I only listed it one time, in the order the groups appear above. So if Burp Suite would have appeared in 1, 2 and 3 above, it will only appear in 1. If I've left off or missed any tools, or maybe you want to add one you've written, please send an email to the OWASP Live CD email list.
Here's the short list of tools for the SoC release of the Live CD. I'm going to start at the top and work down, creating modules as I go.
Note: If the tool is marked done, you can get the module on the Google Code site's download page.
| | | | | | | |
|---|---|---|---|---|---|---|
| Burp Suite (Done) | Web Site | Other see also | binary | No | 66, 134, 243, 275, A-332 | Java .jar file |
| Grendel-Scan (Done) | Web Site | GPL v3 | source or binary | No | | Java |
| OWASP DirBuster (Done) | Web Site | LGPL | source | Yes | | Java – Nice directory lists |
| OWASP SQLiX (Done) | Web Site | FOSS | source | Yes | 200, A-331 | Perl |
| OWASP WSFuzzer (Done) | Web Site | LGPL | source | Yes | A-332 | Python |
| nikto (Done) | Web Site | GPL | source | No | 99, 106 | Perl |
| w3af (Done) | Web Site | GPL v2 | source | No | | Python |
| GTK+GUI for w3af (Done) | Web Site | GPL v2 | source | No | | Python - SoC 2008 project |
| OWASP Skavenger | Web Site | GPL | source | Yes | | SoC 2008 - Perl |
| sqlmap | Web Site | GPL v2 | source | SoC 2007 Web Site | 200, 217, 227, A-331 | Python |
| sqlninja | Web Site | GPL v2 | source | No | 200, 210, 217, 227, A-331 | Perl |
| Absinthe | Web Site | GPL v2 | source | No | A-331 | .Net and Mono |
| webshag | Web Site | LGPL | source | No | | Python |
| httprint (Done) | Web Site | Commercial see also | binary | No | 52 | |
| BEEF | Web Site | FOSS | source | No | | PHP + JavaScript |
| ProxyMon | Web Site | GPL v2 | source | No | | Python |
| bou | Web Site | Freeware | N/A | No | | Java |
| Rat Proxy (Done) | Web Site | Apache License 2.0 | source | No | | Generates very nice reports |
Note: Where I list Freeware or FOSS, that is my best guess, as the license terms were unspecified, not readily available, or could not be found.

