Web Application Security/Pentesting Tools Part 1

Watcher Web Security Tool:
Watcher Web Security Tool is a plugin that attaches to the free Fiddler HTTP proxy. It audits web applications automatically to find security holes and compliance issues. It is also a passive vulnerability scanner (passive means it is safe for production use). Both developers and pentesters use it to identify bugs and issues. Watcher Web Security tool is a HTTP-Based web applications

> Simple to use.
> Safe for cloud and hosting environments.
> Low overhead.
> No training needed to use it.

Security Checking Capabilities:
> Cross-Domain vulnerability checks
> Information Disclosure Vulnerability checks
> ASP.NET Vulnerability Checks
> Charset checks
> Flash-Plugin vulnerability checks
> HTTP Header checks
> SSL checks
> JavaScript vulnerability checks
> User Input Analysis & checks
> Cookie checks


Netsparker:
Netsparker works in a single integrated environment. It delivers vulnerability identification and exploitation. It automatically performs comprehensive web vulnerability scanning for issues such as XSS, Remote Code Injection, SQL Injection, etc. Using Netsparker, web developers and security experts can secure their applications easily. It is the only tool that supports false-positive-free web application vulnerability scanning. After you enter a web address, it automatically identifies security flaws.

> Easy and efficient.
> Flexibility & Productivity
> HTML5 Support
> Support Manual Testing
> Advantage of Advanced Scanning
> Proof-Based Scanning
> Web Services Scanning
> Show all information about vulnerabilities.
> Report all vulnerabilities.
> Both for web developers and penetration testers.

Security Checking Capabilities:
> DOM based XSS vulnerability scanning
> Web server (Nginx) Out-of-date version check
> Web server (Apache) Out-of-date version check
> Possibility of Ruby source code disclosure
> Possibility of Python source code disclosure
> Possibility of Perl source code disclosure
> Possibility of Java source code disclosure
> Possibility of PHP source code disclosure


N-Stalker Web Application Security Scanner:
N-Stalker Web Application Security Scanner is an HTTP-based security scanner. It holds more than 39,000 attack signatures. N-Stalker Web Application Security Scanner now provides a complete solution for users' web applications. It checks for different types of vulnerabilities such as Remote File Include PHP-based attacks, SQL injection, XSS, Buffer Overflow and Parameter Tampering attacks, Integer Overflow attacks, LDAP, XPath and XQuery injections, Remote Execution attacks, Parameter Deletion attacks, etc.

> Easy to Install
> Clean Organized Look
> Scanning Process is Fast & Efficient
> Support HTTP Fingerprinting
> Parallel web crawling
> Automatic false positive prevention engine
> IDS Evasion Detection Technique
> Completes web forms automatically
> Preinstalled Encoding Tool
> Exploring vulnerabilities
> Compliance Oriented security analysis
> Holding 39,000 Web Attack Signatures
> Google Hacking Database Search Tool
> Independent solution; no other software needed
> HTTP Brute Force Attack

Security Check Capabilities:
> Detect custom design errors
> Checks Cookie Exposure Vulnerability
> Checks File & Directory/Path Exposure
> Detect Web Server Vulnerability


Vampire Scan:
Vampire Scan is mainly used to test personal web applications and cloud services. It scans for basic attacks and reports the results in a personal web-based portal, which users check for vulnerabilities. The main objective of this tool is to discover vulnerabilities and insecure processes in web applications.

> First search then analyze vulnerabilities
> Protect web application from cyber threats
> Scan whole web application infrastructure
> Scan all vulnerabilities and present them as High, Medium and Low priorities
> Secure network Design
> Protect web application from malicious attackers/users
> Suggest proper action.
> Finally try to defend and delete vulnerabilities

Security Check Capabilities:
> Detection of vulnerabilities on Communicating System/Server
> Detect Server vulnerabilities
> Detect vulnerabilities on Network devices
> Detect vulnerabilities on Virtual- and cloud-based devices


Syhunt Mini (Sandcat Pro/Mini):
Syhunt Mini is a web application security testing tool. It is mainly made to guard web applications against different types of cyber threats. Syhunt Mini has established itself in a leading role in the cyber security sector. It helps organizations defend against malicious attacks and new cyber threats. It was previously known as Sandcat Pro/Mini. It also supports passive analysis.

> Attractive GUI
> Mainly designed for Windows-based operating systems
> Analyzes source code of the vulnerable target
> Efficient in vulnerability detection
> Simple configuration
> Scan log available
> WAF Bypass
> Check HTML Crawler
> Check Ajax Crawler

(It's a paid tool)

Security Checking Capabilities:
> Detect SQL Injection
> Detect SSJSI
> Detect RXSS
> Detect LFI
> Detect RFI
> Detect CMDExec
> Detect CRLFi
> Detect LDAPi
> Detect XSS
> Session Based Attack
> WebServer Hardening
> Directory & File Enumeration scan
> Support CGI Scanning
> Parameter Tampering
> Code Injection in PHP


**If you need these tools and could not manage to get them, then comment below and I will try to provide them. Thanks :)

**Educational purposes only. If you do any harm with these tools, then it's your responsibility.