2013/02/04

OWASP의 Phoenix/Tools


여기 리스트 중 내가 아는 툴이 20%도 안된다는게 충격.
요즘 확실히 나의 웹 해킹 관련 기술적인 센스가 out of date 되었구나...


LiveCDs

Monday, January 29, 2007 4:02 PM 828569600 AOC_Labrat-ALPHA-0010.iso
- http://www.packetfocus.com/hackos/
DVL (Damn Vulnerable Linux)
- http://www.damnvulnerablelinux.org/


RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools

Wfuzz
- http://www.edge-security.com/wfuzz.php
ProxMon
- http://www.isecpartners.com/proxmon.html
Wapiti
- http://wapiti.sourceforge.net/
Grabber
- http://rgaucher.info/beta/grabber/
XSSScan
- http://darkcode.ath.cx/scanners/XSSscan.py
CAL9000
- http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
HTMangLe
- http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
JBroFuzz
 - http://sourceforge.net/projects/jbrofuzz
XSSFuzz
- http://ha.ckers.org/blog/20060921/xssfuzz-released/
WhiteAcid's XSS Assistant
- http://www.whiteacid.org/greasemonkey/
Overlong UTF
- http://www.microsoft.com/mspress/companion/0-7356-2187-X/
[TGZ] MielieTool (SensePost Research)
- http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
RegFuzzer: test your regular expression filter
- http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter
screamingCobra
- http://www.dachb0den.com/projects/screamingcobra.html
SPIKE and SPIKE Proxy
- http://immunitysec.com/resources-freesoftware.shtml
RFuzz
- http://rfuzz.rubyforge.org/
WebFuzz
 - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999
TestMaker
- http://www.pushtotest.com/Docs/downloads/features.html
ASP Auditor
- http://michaeldaw.org/projects/asp-auditor-v2/
WSTool
- http://wstool.sourceforge.net/
Web Hack Control Center (WHCC)
- http://ussysadmin.com/whcc/
Web Text Converter
- http://www.microsoft.com/mspress/companion/0-7356-2187-X/
HackBar (Firefox Add-on)
- https://addons.mozilla.org/firefox/3899/
Net-Force Tools (NF-Tools, Firefox Add-on)
- http://www.net-force.nl/library/downloads/
PostIntercepter (Greasemonkey script)
- http://userscripts.org/scripts/show/743




Test sites / testing grounds

SPI Dynamics (live)
- http://zero.webappsecurity.com/
Cenzic (live)
- http://crackme.cenzic.com/
Watchfire (live)
- http://demo.testfire.net/
Acunetix (live)
- http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com
WebMaven / Buggy Bank (includes live testsite)
- http://www.mavensecurity.com/webmaven
Foundstone SASS tools
- http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/s3i_tools.htm
OWASP WebGoat
- http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP SiteGenerator
- http://www.owasp.org/index.php/Owasp_SiteGenerator
Stanford SecuriBench
- http://suif.stanford.edu/~livshits/securibench/
SecuriBench Micro
- http://suif.stanford.edu/~livshits/work/securibench-micro/


HTTP proxying / editing

WebScarab
- http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp
- http://www.portswigger.net/
Paros
- http://www.parosproxy.org/
Fiddler
- http://www.fiddlertool.com/
Web Proxy Editor
- http://www.microsoft.com/mspress/companion/0-7356-2187-X/
Pantera
- http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
Suru
- http://www.sensepost.com/research/suru/
httpedit (curses-based)
- http://www.neutralbit.com/en/rd/httpedit/
Charles
- http://www.xk72.com/charles/
Odysseus
- http://www.bindshell.net/tools/odysseus
Burp, Paros, and WebScarab for Mac OS X
- http://www.corsaire.com/downloads/
Web-application scanning tool from `Network Security Tools'/O'Reilly
- http://examples.oreilly.com/networkst/


HTTP general testing / fingerprinting

 Wbox: HTTP testing tool
- http://hping.org/wbox/
ht://Check
- http://htcheck.sourceforge.net/
Mumsie
- http://www.lurhq.com/tools/mumsie.html
WebInject
- http://www.webinject.org/
Torture.pl Home Page
- http://stein.cshl.org/~lstein/torture/
JoeDog's Seige
- http://www.joedog.org/JoeDog/Siege/
OPEN-LABS: metoscan (http method testing)
- http://www.open-labs.org/
Load-balancing detector
- http://ge.mine.nu/lbd.html
HMAP
- http://ujeni.murkyroc.com/hmap/
Net-Square: httprint
- http://net-square.com/httprint/
Wpoison: http stress testing
- http://wpoison.sourceforge.net/
Net-square: MSNPawn
- http://net-square.com/msnpawn/index.shtml
hcraft: HTTP Vuln Request Crafter
- http://druid.caughq.org/projects/hcraft/
rfp.labs: LibWhisker
- http://www.wiretrip.net/rfp/lw.asp
Nikto
- http://www.cirt.net/code/nikto.shtml
twill
- http://twill.idyll.org/
DirBuster
- http://www.sittinglittleduck.com/DirBuster/
[ZIP] DFF Scanner
- http://security-net.biz/files/dff/DFF.zip
[ZIP] The Elza project
 - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip
http://www.stoev.org/elza.html


Browser-based HTTP tampering / editing / replaying

TamperIE
- http://www.bayden.com/Other/
isr-form
- http://www.infobyte.com.ar/developments.html
Modify Headers (Firefox Add-on)
- http://modifyheaders.mozdev.org/
Tamper Data (Firefox Add-on)
- http://tamperdata.mozdev.org/
UrlParams (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1290/
TestGen4Web (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1385/
DOM Inspector / Inspect This (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1806/
https://addons.mozilla.org/en-US/firefox/addon/1913/
LiveHTTPHeaders / Header Monitor (Firefox Add-on)
- http://livehttpheaders.mozdev.org/
https://addons.mozilla.org/en-US/firefox/addon/575/


Cookie editing / poisoning

[TGZ] stompy: session id tool
- http://lcamtuf.coredump.cx/stompy.tgz
Add'N Edit Cookies (AnEC, Firefox Add-on)
- http://addneditcookies.mozdev.org/
CookieCuller (Firefox Add-on)
- http://cookieculler.mozdev.org/
CookiePie (Firefox Add-on)
- http://www.nektra.com/oss/firefox/extensions/cookiepie/
CookieSpy
- http://www.codeproject.com/shell/cookiespy.asp
Cookies Explorer
- http://www.dutchduck.com/Features/Cookies.aspx


Ajax and XHR scanning

Sahi
- http://sahi.co.in/
scRUBYt
- http://scrubyt.org/
jQuery
- http://jquery.com/
jquery-include
- http://www.gnucitizen.org/projects/jquery-include
Sprajax
- http://www.denimgroup.com/sprajax.html
Watir
- http://wtr.rubyforge.org/
Watij
- http://watij.com/
Watin
- http://watin.sourceforge.net/
RBNarcissus
- http://idontsmoke.co.uk/2005/rbnarcissus/
SpiderTest (Spider Fuzz plugin)
- http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
Javascript Inline Debugger (jasildbg)
- http://jasildbg.googlepages.com/
Firebug Lite
- http://www.getfirebug.com/lite.html
firewaitr
- http://code.google.com/p/firewatir/


RSS extensions and caching

LiveLines (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/324/
rss-cache
- http://www.dubfire.net/chris/projects/rss-cache/


SQL injection scanning

 0x90.org: home of Absinthe, Mezcal, etc
- http://0x90.org/releases.php
SQLiX
- http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
sqlninja: a SQL Server injection and takover tool
- http://sqlninja.sourceforge.net/
JustinClarke's SQL Brute
- http://www.justinclarke.com/archives/2006/03/sqlbrute.html
BobCat
- http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
sqlmap
- http://sqlmap.sourceforge.net/
Scully: SQL Server DB Front-End and Brute-Forcer
- http://www.sensepost.com/research/scully/
FG-Injector
- http://www.flowgate.net/?lang=en&seccion=herramientas
PRIAMOS
- http://www.priamos-project.com/


Web application security malware, backdoors, and evil code

 W3AF: Web Application Attack and Audit Framework
- http://w3af.sourceforge.net/
Jikto
 - http://busin3ss.name/jikto-in-the-wild/
XSS Shell
- http://ferruh.mavituna.com/article/?1338
XSS-Proxy
- http://xss-proxy.sourceforge.net
AttackAPI
- http://www.gnucitizen.org/projects/attackapi/
FFsniFF
- http://azurit.elbiahosting.sk/ffsniff/
HoneyBlog's web-based junkyard
- http://honeyblog.org/junkyard/web-based/
BeEF
- http://www.bindshell.net/tools/beef/
Firefox Extension Scanner (FEX)
- http://www.gnucitizen.org/projects/fex/
What is my IP address?
- http://reglos.de/myaddress/
xRumer: blogspam automation tool
- http://www.botmaster.net/movies/XFull.htm
SpyJax
- http://www.merchantos.com/makebeta/tools/spyjax/
Greasecarnaval
- http://www.gnucitizen.org/projects/greasecarnaval
Technika
- http://www.gnucitizen.org/projects/technika/
Load-AttackAPI bookmarklet
- http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
MD's Projects: JS port scanner, pinger, backdoors, etc
- http://michaeldaw.org/my-projects/


Web application services that aid in web application security assessment

 Netcraft
- http://www.netcraft.net
AboutURL
- http://www.abouturl.com/
The Scrutinizer
- http://www.scrutinizethis.com/
net.toolkit
- http://clez.net/
ServerSniff
- http://www.serversniff.net/
Online Microsoft script decoder
- http://www.greymagic.com/security/tools/decoder/
Webmaster-Toolkit
- http://www.webmaster-toolkit.com/
myIPNeighbbors, et al
- http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
PHP charset encoding
- http://h4k.in/encoding
data: URL testcases
- http://h4k.in/dataurl


Browser-based security fuzzing / checking

 Zalewski's MangleMe
- http://lcamtuf.coredump.cx/mangleme/mangle.cgi
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan
- http://metasploit.com/users/hdm/tools/
Peach Fuzzer Framework
- http://peachfuzz.sourceforge.net/
TagBruteForcer
- http://research.eeye.com/html/tools/RT20060801-3.html
PROTOS Test-Suite: c05-http-reply
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
COMRaider
- http://labs.idefense.com
bcheck
- http://bcheck.scanit.be/bcheck/
Stop-Phishing: Projects page
- http://www.indiana.edu/~phishing/?projects
LinkScanner
- http://linkscanner.explabs.com/linkscanner/default.asp
BrowserCheck
- http://www.heise-security.co.uk/services/browsercheck/
Cross-browser Exploit Tests
- http://www.jungsonnstudios.com/cool.php
Stealing information using DNS pinning demo
- http://www.jumperz.net/index.php?i=2&a=1&b=7
Javascript Website Login Checker
- http://ha.ckers.org/weird/javascript-website-login-checker.html
Mozilla Activex
- http://www.iol.ie/~locka/mozilla/mozilla.htm
Jungsonn's Black Dragon Project
- http://blackdragon.jungsonnstudios.com/
Mr. T (Master Recon Tool, includes Read Firefox Settings PoC)
- http://ha.ckers.org/mr-t/
Vulnerable Adobe Plugin Detection For UXSS PoC
- http://www.0x000000.com/?i=324
About Flash: is your flash up-to-date?
- http://www.macromedia.com/software/flash/about/
Test your installation of Java software
- http://java.com/en/download/installed.jsp?detect=jre&try=1


PHP static analysis and file inclusion scanning

PHP-SAT.org: Static analysis for PHP
- http://www.program-transformation.org/PHP/
Unl0ck Research Team: tool for searching in google for include bugs
- http://unl0ck.net/tools.php
FIS: File Inclusion Scanner
- http://www.segfault.gr/index.php?cat_id=3&cont_id=25
PHPSecAudit
- http://developer.spikesource.com/projects/phpsecaudit


Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources

 APIDS on Wikipedia
- http://en.wikipedia.org/wiki/APIDS
PHP Intrusion Detection System (PHP-IDS)
- http://php-ids.org/
http://code.google.com/p/phpids/
dotnetids
- http://code.google.com/p/dotnetids/
Secure Science InterScout
- http://www.securescience.com/home/newsandevents/news/interscout1.0.html
Remo: whitelist rule editor for mod_security
- http://remo.netnea.com/
GotRoot: ModSecuirty rules
- http://www.gotroot.com/tiki-index.php?page=mod_security+rules
The Web Security Gateway (WSGW)
- http://wsgw.sourceforge.net/
mod_security rules generator
- http://noeljackson.com/tools/modsecurity/
Mod_Anti_Tamper
- http://www.wisec.it/projects.php?id=3
[TGZ] Automatic Rules Generation for Mod_Security
- http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
AQTRONIX WebKnight
- http://www.aqtronix.com/?PageID=99
Akismet: blog spam defense
- http://akismet.com/
Samoa: Formal tools for securing web services
- http://research.microsoft.com/projects/samoa/


Web services enumeration / scanning / fuzzing

WebServiceStudio2.0
- http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=65a1d4ea-0f7a-41bd-8494-e916ebc4159c
Net-square: wsChess
- http://net-square.com/wschess/index.shtml
WSFuzzer
- http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
SIFT: web method search tool
- http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
iSecPartners: WSMap, WSBang, etc
- http://www.isecpartners.com/tools.html


Web application non-specific static source-code analysis

Pixy: a static analysis tool for detecting XSS vulnerabilities
- http://www.seclab.tuwien.ac.at/projects/pixy/
Brixoft.Net: Source Edit
- http://www.brixoft.net/prodinfo.asp?id=1
Security compass web application auditing tools (SWAAT)
- http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
An even more complete list here
- http://www.cs.cmu.edu/~aldrich/courses/654/tools/
A nice list that claims some demos available
- http://www.cs.cmu.edu/~aldrich/courses/413/tools.html
A smaller, but also good list
- http://spinroot.com/static/


Static analysis for C/C++ (CGI, ISAPI, etc) in web applications
RATS
- http://www.securesoftware.com/resources/download_rats.html
ITS4
- http://www.cigital.com/its4/
FlawFinder
- http://www.dwheeler.com/flawfinder/
Splint
- http://www.splint.org/
Uno
- http://spinroot.com/uno/
BOON (Buffer Overrun detectiON)
- http://www.cs.berkeley.edu/~daw/boon/
http://boon.sourceforge.net
Valgrind
- http://www.valgrind.org/


Java static analysis, security frameworks, and web application security tools

HDIV Struts
- http://hdiv.org/
Orizon
- http://sourceforge.net/projects/orizon/
FindBugs: Find bugs in Java programs
- http://findbugs.sourceforge.net/
PMD
- http://pmd.sourceforge.net/
CUTE: A Concolic Unit Testing Engine for C and Java
- http://osl.cs.uiuc.edu/~ksen/cute/
EMMA
- http://emma.sourceforge.net/
JLint
- http://jlint.sourceforge.net/
Java PathFinder
- http://javapathfinder.sourceforge.net/
Fujaba: Move between UML and Java source code
- http://wwwcs.uni-paderborn.de/cs/fujaba/
Checkstyle
- http://checkstyle.sourceforge.net/
Cookie Revolver Security Framework
- http://sourceforge.net/projects/cookie-revolver
tinapoc
- http://sourceforge.net/projects/tinapoc
jarsigner
- http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
Solex
- http://solex.sourceforge.net/
Java Explorer
- http://metal.hurlant.com/jexplore/
HTTPClient
- http://www.innovation.ch/java/HTTPClient/
another HttpClient
- http://jakarta.apache.org/commons/httpclient/
a list of code coverage and analysis tools for Java
- http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html


Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET

 Orcas
- http://msdn.microsoft.com/vstudio/express/future/downloads/default.aspx
Web Development Helper
- http://www.nikhilk.net/Project.WebDevHelper.aspx
FxCop
- http://blogs.msdn.com/fxcop/
http://www.gotdotnet.com/team/fxcop/
Microsoft Application Verifier
- http://www.microsoft.com/technet/prodtechnol/windows/appcompatibility/appverifier.mspx
Microsoft internal tools you can't have yet
- http://www.microsoft.com/windows/cse/pa_projects.mspx http://research.microsoft.com/Pex/ http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf


Threat modeling

Microsoft Threat Analysis and Modeling Tool v2.1 (TAM)
- http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
Amenaza: Attack Tree Modeling (SecurITree)
- http://www.amenaza.com/software.php
Octotrike
- http://www.octotrike.org/


Add-ons for Firefox that help with general web application security
Web Developer Toolbar
- https://addons.mozilla.org/firefox/60/
Plain Old Webserver (POW)
- https://addons.mozilla.org/firefox/3002/
XML Developer Toolbar
- https://addons.mozilla.org/firefox/2897/
Public Fox
- https://addons.mozilla.org/firefox/3911/
XForms Buddy
- http://beaufour.dk/index.php?sec=misc&pagename=xforms
MR Tech Local Install
- http://www.mrtech.com/extensions/local_install/
Nightly Tester Tools
- http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html
IE Tab
- https://addons.mozilla.org/firefox/1419/
User-Agent Switcher
- https://addons.mozilla.org/firefox/59/
ServerSwitcher
- https://addons.mozilla.org/firefox/2409/
HeaderMonitor
- https://addons.mozilla.org/firefox/575/
RefControl
- https://addons.mozilla.org/firefox/953/
refspoof
- https://addons.mozilla.org/firefox/667/
No-Referrer
 - https://addons.mozilla.org/firefox/1999/
LocationBar^2
- https://addons.mozilla.org/firefox/4014/
SpiderZilla
- http://spiderzilla.mozdev.org/
Slogger
- https://addons.mozilla.org/en-US/firefox/addon/143
Fire Encrypter
- https://addons.mozilla.org/firefox/3208/


 Add-ons for Firefox that help with Javascript and Ajax web application security

Selenium IDE
- http://www.openqa.org/selenium-ide/
Firebug
- http://www.joehewitt.com/software/firebug/
Venkman
- http://www.mozilla.org/projects/venkman/
Chickenfoot
- http://groups.csail.mit.edu/uid/chickenfoot/
Greasemonkey
- http://www.greasespot.net/
Greasemonkey compiler
- http://www.letitblog.com/greasemonkey-compiler/
User script compiler
- http://arantius.com/misc/greasemonkey/script-compiler
Extension Developer's Extension (Firefox Add-on)
- http://ted.mielczarek.org/code/mozilla/extensiondev/
Smart Middle Click (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/3885/


Bookmarklets that aid in web application security

RSnake's security bookmarklets
- http://ha.ckers.org/bookmarklets.html
BMlets
- http://optools.awardspace.com/bmlet.html
Huge list of bookmarklets
- http://www.squarefree.com/bookmarklets/
Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality
- http://www.blummy.com/
Bookmarklets every blogger should have
- http://www.micropersuasion.com/2005/10/bookmarklets_ev.html
Flat Bookmark Editing (Firefox Add-on)
- http://n01se.net/chouser/proj/mozhack/
OpenBook and Update Bookmark (Firefox Add-ons)
- http://www.chuonthis.com/extensions/


SSL certificate checking / scanning

 [ZIP] THCSSLCheck
- http://thc.org/root/tools/THCSSLCheck.zip
[ZIP] Foundstone SSLDigger
- http://foundstone.com/resources/freetooldownload.htm?file=ssldigger.zip
Cert Viewer Plus (Firefox Add-on)
- https://addons.mozilla.org/firefox/1964/


Honeyclients, Web Application, and Web Proxy honeypots

 HoneyC: the low-interaction honeyclient
- http://honeyc.sourceforge.net/
Capture: a high-interaction honeyclient
- http://capture-hpc.sourceforge.net/
Google Hack Honeypot
- http://ghh.sourceforge.net/
PHP.Hop - PHP Honeynet Project
- http://www.rstack.org/phphop/
SpyBye
- http://www.monkey.org/~provos/spybye/
Honeytokens
- http://www.securityfocus.com/infocus/1713


Blackhat SEO and maybe some whitehat SEO

 SearchStatus (Firefox Add-on)
- http://www.quirk.biz/searchstatus/
SEO for Firefox (Firefox Add-on)
- http://tools.seobook.com/firefox/seo-for-firefox.html
SEOQuake (Firefox Add-on)
- http://www.seoquake.com/


Footprinting for web application security

 Evolution
- http://www.paterva.com/evolution-e.html
GooSweep
- http://www.mcgrewsecurity.com/projects/goosweep/
Aura: Google API Utility Tools
- http://www.sensepost.com/research/aura/
Edge-Security tools
- http://www.edge-security.com/soft.php
Fierce Domain Scanner
- http://ha.ckers.org/fierce/
Googlegath
- http://www.nothink.org/perl/googlegath/
Advanced Dork (Firefox Add-on)
- https://addons.mozilla.org/firefox/2144/
Passive Cache (Firefox Add-on)
- https://addons.mozilla.org/firefox/977/
CacheOut! (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1453/
BugMeNot Extension (Firefox Add-on)
- http://roachfiend.com/archives/2005/02/07/bugmenot/
TrashMail.net Extension (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1813/
DiggiDig (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/2819/
Digger (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1467/


Database security assessment

 Scuba by Imperva Database Vulnerability Scanner
- http://www.imperva.com/scuba/


Browser Defenses

 DieHard
- http://www.diehard-software.org/
LocalRodeo (Firefox Add-on)
- http://databasement.net/labs/localrodeo/
NoMoXSS
- http://www.seclab.tuwien.ac.at/projects/jstaint/
Request Rodeo
- http://savannah.nongnu.org/projects/requestrodeo
FlashBlock (Firefox Add-on)
- http://flashblock.mozdev.org/
CookieSafe (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/2497
NoScript (Firefox Add-on)
- http://www.noscript.net/
FormFox (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1579/
Adblock (Firefox Add-on)
- http://adblock.mozdev.org/
httpOnly in Firefox (Firefox Add-on)
- http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html
SafeCache (Firefox Add-on)
- http://www.safecache.com/
SafeHistory (Firefox Add-on)
- http://www.safehistory.com/
PrefBar (Firefox Add-on)
- http://prefbar.mozdev.org/
All-in-One Sidebar (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/1027/
QArchive.org web file checker (Firefox Add-on)
- https://addons.mozilla.org/firefox/4115/
Update Notified (Firefox Add-on)
- https://addons.mozilla.org/en-US/firefox/addon/2098/
FireKeeper
- http://firekeeper.mozdev.org/


Browser Privacy

 TrackMeNot (Firefox Add-on)
- https://addons.mozilla.org/firefox/3173/
Privacy Bird
- http://www.privacybird.com/


Application and protocol fuzzing (random instead of targeted)

Sulley
- http://fuzzing.org/
taof: The Art of Fuzzing
- http://sourceforge.net/projects/taof/
zzuf: multipurpose fuzzer
- http://sam.zoy.org/zzuf/
autodafe: an act of software torture
- http://autodafe.sourceforge.net/
EFS and GPF: Evolutionary Fuzzing System
- http://www.appliedsec.com/resources.html



Written by
Tag : , ,

댓글 없음:

댓글 쓰기

..