Most of the Below tools available in OWASP LIVE CD v 2.0
httprint | Web Site | Commercial see also | N/A | No | 52 | |
telnet | Web Site | GPLv3 | source | No | 58 | |
Site Digger (Foundstone) | Web Site | Commercial see also | N/A | No | 66, A-331 | .Net |
Burb Suite | Web Site | Other see also | N/A | No | 66, 134, 243, 275, A-332 | Java .jar file |
wikto | Web Site | Commercial | N/A | No | 62, 66, 106, A-331 | .Net |
googlegath | Web Site | FOSS | source | No | 66 | Perl |
SSLDigger | Web Site | Commercial see also | N/A | No | 84, A-332 | .Net |
curl | Web Site | MIT/X derivate license see also | source | No | 99, 106, A-334 | |
nikto | Web Site | GPL | source | No | 99, 106 | Perl |
nessus | Web Site | Commercial | N/A | No | 62, 84, 99, 106 | Write an install guide |
nc | Web Site | as-is | source | No | 46, 104, A-332 | The original |
netcat | Web Site | GPL | source | No | No (see nc) | GNU re-write of nc |
SPIKE Proxy | Web Site | GPL | source | No | 106 | Python |
Xenu | Web Site | Freeware but no source | N/A | No | 106, A-334 | Windows binary |
brutus | Web Site | dead? | 122, 123, A-332 | Unable to locate | ||
THC Hydra | Web Site | GPL v2 | source | No | 123, A-332 | |
John the Ripper | Web Site | GPL v2 | source | No | 123, A-332 | |
Add and Edit Cookies | Web Site | MPL 1.1 | source | No | 140 | FF Add-on |
cookie digger | Web Site | Commercial | N/A | No | 162 | .Net |
SQLiX | Web Site | FOSS | source | Yes | 200, A-331 | Perl |
SLQInjector | Web Site | unknown, source provided | N/A | No | 200, 210, 217, 227, A-331 | Windows Binary |
Sqlbftools | Web Site | FOSS | source | No | 200, 217, A-331 | Perl version also available here |
sqlmap | Web Site | GPL v2 | source | SoC 2007 Web Site] | 200, 217, 227, A-331 | Python |
sqlninja | Web Site | GPL v2 | source | No | 200, 210, 217, 227, A-331 | Perl |
SqlDumper | Web Site | FOSS | source | No | 200, 217, A-331 | Java – site is in Italian & nice flash demo |
OraScan | Web Site | Commercial | N/A | No | 210 | Windows binary |
NGSSSQuirreL | Web Site | Commercial | N/A | No | 210 | Windows binary |
Integrigy | Web Site | Commercial Freeware | N/A | No | 86 | Windows binary |
tnscmd | Web Site | GPL | source | No | 90, A-332 | Perl |
Toad | Web Site | Commerical, Trial & Freeware versions | N/A | No | 88, 90, A-332 | Windows binary |
NTOIncide | Web Site | No | 66 | Appears to be no longer supported or available | ||
Bobcat | Web Site | Unknown, no source | N/A | No | 227 | Windows binary |
Softerra LDAP browser | Web Site | Freeware | N/A | No | 230 | Windows binary |
OllyDbg | Web Site | GPL | source | No | 261, 266, A-332 | Windows software |
Spike | Web Site | GPL | source | No | 261, 266, A-331, A-332 | |
BFBTester | Web Site | GPL | source | No | 261, 266, A-332 | |
Metasploit | Web Site | Metasploit Framework License v1.2 | source | No | 261, 266, 275, 293, A-332 | Ruby |
ITS4 Security Scanner | Web Site | Non-Commercial see also | source | No | 271 | |
idabase | Web Site | Commercial | No | 271 | Appears to no longer be available in this form | |
format string builder | Web Site | FOSS | source | No | 271 | Pen Test list post |
XSS-Proxy | Web Site | FOSS | source | No | 275 | Perl |
EICAR file | Web Site | Freeware? | source | No | 298 | Anti-Virus test file |
TCPreplay | Web Site | BSD | source | No | 300 | manual |
Sprajax | Web Site | LGPL | source | Yes | 313, A-331 | .Net |
Venkman | Web Site | FOSS likely MPL | source | No | 314 | FF Add-on |
Ghost Train | Web Site | No | 314 | Unable to locate. Referenced here | ||
Squish | Web Site | Commercial | N/A | No | 314 | |
JsUnit | Web Site | GPL, LGPL MPL | source | No | 314 | Also an Eclipse plugin |
OWASP Pantera | Web Site | GPL, LGPL | source | Yes | A-331 | Python |
Achilles Proxy | Web Site | Freeware | N/A | No | A-331 | Windows binary |
Odysses | Web Site | Freeware | N/A | No | A-331 | Windows binary |
webstretch | Web Site | GPL v2 | .jar only | No | A-331 | Java |
LiveHTTP Headers | Web Site | MPL ? | source | No | A-331 | FF Add-on |
Absinthe | Web Site | GPL v2 | source | No | A-331 | .Net and Mono |
OWASP WSFuzzer | Web Site | LGPL | source | Yes | A-332 | Python |
stack | No | 261 | Unable to locate | |||
RATS | Web Site | GPL | source | No | A-333 | |
FlawFinder | Web Site | GPL v2 | source | No | A-333 | Python |
FxCop | Web Site | Freeware | N/A | No | A-333 | Windows binary download here |
splint | Web Site | GPL | source | No | A-333 | |
BOON | Web Site | BSD style license | source | No | A-333 | |
Pscan | Web Site | No | A-333 | Site unavailable | ||
Watir | Web Site | BSD | source | No | A-333 | Ruby |
HtmlUnit | Web Site | Apache 2 | source | No | A-333 | Java |
JWebUnit | Web Site | GPL | source | No | A-333 | Java |
Canoo WebTest | Web Site | Apache 2 | source | No | A-333 | Java |
HttpUnit | Web Site | FOSS see also | source | No | A-334 | Java |
Watij | Web Site | GPL | source | No | A-334 | Java |
Solex | Web Site | Apache | source | No | A-334 | Java |
Selenium | Web Site | Apache 2.0 | source | No | A-334 |