SOLDIERX.COM Nobody Can Stop Information Insemination

This java based application helps you parse contents of your script e.g. PHP scripts and automatically convert it as hex value, some pentesters use this method to test for possible sql injection vulnerability in a website.

SMBShell is a cross platform java based multi threaded application with minimal smb client shell pentesting tool. This application uses dictionary attack method against remote samba daemon with the capability of spawning an smb client shell with every credential found if the check box ‘spawn shell’ is checked. This will help network/system administrator test the password integrity with the very basic common password attack in your Linux, BSD or Windows box with samba installed.

Firebug is an add-on for Firefox that provides access to browser internals. It features live editing of HTML and CSS, a DOM viewer, and a JavaScript debugger. Web application security testers appreciate the ability to see what's happening behind the scenes of the browser.

AIDE (Advanced Intrusion Detection Environment) is a rootkit detector, a free replacement for Tripwire. It makes cryptographic hashes of important system files and stores them in a database. It can then make reports about which files have changed.

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

DirBuster searches for hidden pages and directories on a web server. Sometimes developers will leave a page accessible, but unlinked; DirBuster is meant to find these potential vulnerabilities.

A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections.

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.

Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.