SOLDIERX.COM Nobody Can Stop Information Insemination

The basic principle behind wXf is to collect and place into a framework, all of the various scripts that web security testers create on a per-engagement scenario. This tool is like metasploit for webapps.

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

A Firefox extension that demonstrates HTTP session hijacking attacks.

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop security test. VoIP Hopper is a VoIP infrastructure security testing tool but also a tool that can be used to test the (in)security of VLANs.

The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it could be but the naming is probably related to H.323.

tcp-over-dns contains a special dns server and a special dns client. The client and server work in tandem to provide a TCP (and UDP!) tunnel through the standard DNS protocol.

SslStrip will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.

Updated/new name: Wireshark

CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
Additionally, CMS Explorer can be used to aid in security testing.
While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible.
This is done by retrieving the module's current source tree and then requesting those file names from the target system.
These requests can be sent through a distinct proxy to help "bootstrap" security testing tools like Burp, Paros, Webinspect, etc.
CMS Explorer can also search OSVDB for vulnerabilities with the installed components.

CMS Explorer currently supports module/theme discovery with the following products:
* Drupal
* Wordpress
* Joomla!
* Mambo

And exploration of the following products:
* Drupal
* Wordpress

Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing