Potential Tool List

From OWASP Live CD 2008


Potential Tools for the OWASP Live CD 2008

There are a ton of places to find security tools, even if you narrow the field to web applications. I gathered so many that I decided to break them up into a few groups:

  1. Tools listed in the OWASP Testing Guide v2 (70 tools)
  2. Other potential tools that I know, use, like, etc. (51 tools)
  3. Tools from the Phoenix Tools list on the OWASP site (210 tools)

I plan on adding the tools from the OWASP Testing Guide v3 when it comes out. Also, where a tool would have appeared in more than one group, I only listed it once, in the first group where it appears in the order above. So if Burp Suite would have appeared in 1, 2 and 3 above, it will only appear in 1. If I've left off or missed any tools, or maybe you want to add one you've written, please send an email to the OWASP Live CD email list.

Here's the short list of tools for the SoC release of the Live CD. I'm going to start at the top and work down, creating modules as I go.

Note: If the tool is marked done, you can get the module on the Google Code site's download page.

| Tool | Link | License | Install from | OWASP project | OWASP Guide Page(s) | Notes |
|---|---|---|---|---|---|---|
| Burp Suite (Done) | Web Site | Other (see also) | binary | No | 66, 134, 243, 275, A-332 | Java .jar file |
| Grendel-Scan (Done) | Web Site | GPL v3 | source or binary | No | | Java |
| OWASP DirBuster (Done) | Web Site | LGPL | source | Yes | | Java – Nice directory lists |
| OWASP SQLiX (Done) | Web Site | FOSS | source | Yes | 200, A-331 | Perl |
| OWASP WSFuzzer (Done) | Web Site | LGPL | source | Yes | A-332 | Python |
| nikto (Done) | Web Site | GPL | source | No | 99, 106 | Perl |
| w3af (Done) | Web Site | GPL v2 | source | No | | Python |
| GTK+GUI for w3af (Done) | Web Site | GPL v2 | source | No | | Python - SoC 2008 project |
| OWASP Skavenger | Web Site | GPL | source | Yes | | SoC 2008 - Perl |
| sqlmap | Web Site | GPL v2 | source | SoC 2007 (Web Site) | 200, 217, 227, A-331 | Python |
| sqlninja | Web Site | GPL v2 | source | No | 200, 210, 217, 227, A-331 | Perl |
| Absinthe | Web Site | GPL v2 | source | No | A-331 | .Net and Mono |
| webshag | Web Site | LGPL | source | No | | Python |
| httprint (Done) | Web Site | Commercial (see also) | binary | No | 52 | |
| BEEF | Web Site | FOSS | source | No | | PHP + Javascript |
| ProxyMon | Web Site | GPL v2 | source | No | | Python |
| bou | Web Site | Freeware | N/A | No | | Java |
| Rat Proxy (Done) | Web Site | Apache License 2.0 | source | No | | Generates very nice reports |

Note: Where I list Freeware or FOSS, that is my best guess, as the license terms were unspecified, not readily available, or could not be found.
