OWASP has categorized web security tools by area.

I hope this is helpful. It seems to include mostly tools I did not know about.

From OWASP

Web application scanning
Wapiti - http://wapiti.sourceforge.net/
Web-application scanning tool from 'Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/


HTTP proxying / editing

Burp - http://www.portswigger.net/
Paros - http://www.parosproxy.org/
Fiddler - http://www.fiddlertool.com/
httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/

RSnake's XSS cheat sheet based-tools and encoding tools
HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
JBroFuzz - http://sourceforge.net/projects/jbrofuzz
XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/
WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/

HTTP general testing / fingerprinting
Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/
JoeDog's Siege - http://www.joedog.org/JoeDog/Siege/
OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/
Load-balancing detector - http://ge.mine.nu/lbd.html
Net-Square: httprint - http://net-square.com/httprint/
Wpoison: http stress testing - http://wpoison.sourceforge.net/
Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml

Browser-based HTTP tampering / editing

TamperIE - http://www.bayden.com/Other/
isr-form - http://www.infobyte.com.ar/development.html
TamperData - http://tamperdata.mozdev.org/
Modify Headers - http://modifyheaders.mozdev.org/

Cookie editing / poisoning
CookieSpy - http://www.codeproject.com/shell/cookiespy.asp
Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx

Ajax and XHR scanning
Sprajax - http://www.denimgroup.com/sprajax.html

SQL injection scanning
0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php
sqlninja: a SQL Server injection and takeover tool - http://sqlninja.sourceforge.net/
JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html

Web application security malware, backdoors, and evil code
AttackAPI - http://www.gnucitizen.org/projects/attackapi/
FFsniFF - http://azurit.gigahosting.cz/ffsniff/
HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/
BeEF - http://www.bindshell.net/tools/beef/

Web application services that aid in web application security assessment
net.toolkit - http://clez.net/
ServerSniff - http://www.serversniff.net/
Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/
Webmaster-Toolkit - http://www.webmaster-toolkit.com/

Browser-based security fuzzing / checking
Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/ , http://www.offensive-security.com/metasploit-unleashed/
bcheck - http://bcheck.scanit.be/bcheck/
Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects
LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp

PHP file inclusion scanning
Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php
FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25
PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit

Web Application Firewall (WAF) rules and resources
GotRoot: ModSecurity rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules
Akismet: blog spam defense - http://akismet.com/

Web services enumeration / scanning / fuzzing
Net-square: wsChess - http://net-square.com/wschess/index.shtml
SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm

Web application static source-code analysis
Security compass web application auditing tools (SWAAT) - http://www.securitycompass.com/index.html

IIS Server Testing Tools
Security Community Downloads - http://www.iis.net/downloads/Security
