PHP Vulnerability Hunter
|PHP Vulnerability Hunter is an advanced whitebox PHP web application fuzzer that scans for several different classes of vulnerabilities via static and dynamic analysis. By instrumenting application code, PHP Vulnerability Hunter is able to achieve greater code coverage and uncover more bugs.
FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.
HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#. Source included.
HTTP Directory Traversal Scanner
|Detect directory traversal vulnerabilities in HTTP servers and web applications with this free tool. Requires .NET 3.5. Written in C#/WPF. Source included.
PHP Advisor Alpha
Scan your PHP applications for vulnerabilities using our online static analysis utility. Upload a ZIP file containing your application and PHP Advisor will generate a report that lists potentially problematic code excerpts along with the consequences that they might introduce.
Fiddler XSS Inspector
According to some estimates more than 65% of
websites are vulnerable to cross-site scripting.
Search for vulnerabilities in your web applications
using Fiddler XSS Inspector to detect both
reflected and persistent cross-site scripting
Fiddler XSRF Inspector
|Cross-site request forgery is prolific, and this inspector plugin will help you easily create proof of concepts using requests captured by fiddler. Supports converting POST data to GET data. Requires Fiddler.