PHP Vulnerability Hunter

Overview | Screenshots | Guide | Download | Change Log

PHP Vulnerability Hunter is an advanced whitebox PHP web application fuzzer that scans for several different classes of vulnerabilities via static and dynamic analysis. By instrumenting application code, PHP Vulnerability Hunter is able to achieve greater code coverage and uncover more bugs.



FuzzTalk

Download | Guide | Change Log

FuzzTalk is an XML-driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in-depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.



HTTP Bog

Overview | Guide | Download | Change Log

HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other such attacks, but rather than leveraging request headers or POST data, Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#. Source included.




HTTP Directory Traversal Scanner

Overview | Download | Change Log

Detect directory traversal vulnerabilities in HTTP servers and web applications with this free tool. Requires .NET 3.5. Written in C#/WPF. Source included.



PHP Advisor Alpha

Try It | Change Log

Scan your PHP applications for vulnerabilities using our online static analysis utility. Upload a ZIP file containing your application and PHP Advisor will generate a report that lists potentially problematic code excerpts along with the consequences that they might introduce.




Fiddler XSS Inspector

Overview | Download

According to some estimates, more than 65% of websites are vulnerable to cross-site scripting. Search for vulnerabilities in your web applications using Fiddler XSS Inspector to detect both reflected and persistent cross-site scripting vulnerabilities.



Fiddler XSRF Inspector

Quick Start Guide | Download

Cross-site request forgery is widespread, and this inspector plugin will help you easily create proofs of concept using requests captured by Fiddler. Supports converting POST data to GET data. Requires Fiddler.