Download Software N-Stalker Enterprise
Appendix A: Testing Tools (OWASP)

This article is part of the new OWASP Testing Guide v.

Open Source Black Box Testing tools

General Testing

OWASP ZAP: The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

OWASP WebScarab: WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is portable to many platforms. WebScarab has several modes of operation that are implemented by a number of plugins.

OWASP CAL9000: CAL9000 includes an XSS Attack Library, Character Encoder/Decoder, HTTP Request Generator and Response Evaluator, Testing Checklist, Automated Attack Editor and much more.

OWASP Pantera Web Assessment Studio Project: Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine. The primary goal of Pantera is to combine automated capabilities with complete manual testing to get the best penetration testing results.

OWASP Mantra Security Framework: Mantra is a web application security testing framework built on top of a browser. It supports Windows, Linux and Macintosh. In addition, it can work with other software like ZAP using its built-in proxy management function, which makes it much more convenient. Mantra is available in 9 languages: Arabic, Chinese Simplified, Chinese Traditional, English, French, Portuguese, Russian, Spanish and Turkish.

SPIKE: SPIKE is designed to analyze new network protocols for buffer overflows or similar weaknesses. It requires a strong knowledge of C to use and is only available for the Linux platform.

Burp Proxy: Burp Proxy is an intercepting proxy server for security testing of web applications. It allows intercepting and modifying all HTTPS traffic passing in both directions, and it can work with custom SSL certificates and non-proxy-aware clients.

Odysseus Proxy: Odysseus is a proxy server which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. It will intercept an HTTP session's data in either direction.

Webstretch Proxy: Webstretch Proxy enables users to view and alter all aspects of communications with a web site via a proxy. It can also be used for debugging during development.

WATOBO: WATOBO works like a local proxy, similar to WebScarab, ZAP or Burp Suite, and it supports passive and active checks.

Firefox LiveHTTPHeaders: View HTTP headers of a page while browsing.

Firefox Tamper Data: Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters.

Firefox Web Developer Tools: The Web Developer extension adds various web developer tools to the browser.

DOM Inspector: DOM Inspector is a developer tool used to inspect, browse, and edit the Document Object Model (DOM).

Firefox Firebug: Firebug integrates with Firefox to edit, debug, and monitor CSS, HTML, and JavaScript.

Grendel Scan: Grendel Scan performs automated security scanning of web applications and also supports manual penetration testing.

OWASP SWFIntruder: SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime.

SWFScan: Free Flash decompiler.

Wikto: Wikto features include fuzzy logic error code checking, a back-end miner, Google-assisted directory mining and real-time HTTP request/response monitoring.

Web Application Attack and Audit Framework: The project's goal is finding and exploiting web application vulnerabilities.

Skipfish: Skipfish is an active web application security reconnaissance tool.

Web Developer toolbar (Chrome): The Web Developer extension adds a toolbar button to the browser with various web developer tools. This is the official port of the Web Developer extension for Firefox.

HTTP Request Maker (Chrome): Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages, tamper with the URL, headers and POST data and, of course, make new requests.

Cookie Editor (Chrome): Edit This Cookie is a cookie manager. You can add, delete, edit, search, protect and block cookies.

Cookie swap (Chrome): Swap My Cookies is a session manager. It manages cookies, letting you log in on any website with several different accounts.

Firebug lite for Chrome: Firebug Lite is not a substitute for Firebug or Chrome Developer Tools. It is a tool to be used in conjunction with these tools. Firebug Lite provides the rich visual representation we are used to seeing in Firebug when it comes to HTML elements, DOM elements, and Box Model shading. It also provides some cool features like inspecting HTML elements with your mouse and live editing of CSS properties.

Session Manager (Chrome): With Session Manager you can quickly save your current browser state and reload it whenever necessary. You can manage multiple sessions, and rename or remove them from the session library. Each session remembers the state of the browser at its creation time.

Subgraph Vega: Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Testing for specific vulnerabilities

Testing for JavaScript Security, DOM XSS

Testing AJAX

Testing for SQL Injection

Testing Oracle

Testing SSL

Testing for Brute Force Password

Testing Buffer Overflow

Fuzzer

Googling

Slow HTTP

Commercial Black Box Testing tools

Linux Distribution

Source Code Analyzers

Open Source / Freeware

Commercial

Acceptance Testing Tools

Acceptance testing tools are used to validate the functionality of web applications. Some follow a scripted approach and typically make use of a Unit Testing framework to construct test suites and test cases. Most, if not all, can be adapted to perform security specific tests in addition to functional tests.

Open Source Tools

WATIR: A Ruby based web testing framework that provides an interface into Internet Explorer. Windows only.

HtmlUnit: A Java and JUnit based framework that uses the Apache HttpClient as the transport. Very robust and configurable, and is used as the engine for a number of other testing tools.

jWebUnit: A Java based meta framework that uses htmlunit or selenium as the testing engine.

Canoo Webtest