|
(Page 1 of 3) 1 2 3 Next > Category: Authentication » Web BeEF - Browser Exploitation Framework Added 2007-07-23 BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of XSS browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more. Keygloo Added 2006-04-28 This is a public key based authentication model that works by verifying whether the user is in posession of his private key. The user should have Keygloo installed in his system for authenticating himself into any Keygloo enabled web application. During login time, the user will be thrown a challenge password encrypted using his public key. The user can decrypt the password by clicking a 'Decrypt' button which appears in his toolbar after installing Keygloo. The decrypted password is submitted to the Keygloo enabled application by clicking a 'submit' button on the page. The Keygloo enabled applcation then authenticates the user into the system by comparing the decrypted password with the original challenge password. A demonstration of how the model works can be found at http://www.keygloo.com/Authentication/auth_kgnum.html. Keygloo is free to download and install from http://www.keygloo.com/Downloads.htm. BobCat Added 2006-02-04 BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB. Acunetix Web Vulnerability Scanner Added 2006-01-09 Audit your website security: Acunetix Web Vulnerability Scanner checks your web applications (shopping carts, forms, dynamic content, etc.) for vulnerabilities to SQL injection, Cross site scripting & other web attacks. Hackers are concentrating their efforts on websites: 75% of cyber attacks are launched on web applications! Scan your web site today and find vulnerabilities before hackers do! JProbe Added 2005-12-15 JProbe will check remotely for supported cipher suites on a webserver. It will also check for redirections in case a cipher is supported but the client is then directed to a "not valid cipher" page. JProbe also will export the results to an HTML page. (Additionally you can set cookies) Thor Added 2005-12-02 Thor is Internet Explorer driven tool for manual web application testing. Both security professionals and testers found it useful while testing web applications. You can control (intercept and change) what web forms submit to web servers, see the source code of the page and/or manipulate cookies. It supports frames and, if required, it is possible to use HttpWebRequest instead of IE navigation. Built for .NET Framework 2.0 and, as it uses IE COM control, it requires FullTrust. Sorry, no proper web page or manual yet, but give me a shout if you need more information... pak76 LiLith Added 2005-11-03 LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to sql injection or other flaws. VForce Added 2005-05-10 V-Force is an instrument with whose help attacks on web server or applications can be simulated and the results logged and analyzed. Validator.NET Added 2005-04-11 Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting. mod_auth_nufw Added 2004-07-05 mod_auth_nufw is a Single Sign On Apache module which performs secure user identification and authentication, based on the Nufw firewalling suite. Nufw marks all connections of a network with a unique UserID. This module takes advantage of that mark and uses it to transparently identify and authenticate users requiring access to an Apache server. Browse by category |
|
|
Privacy Statement |
