SQLol is a configurable SQL injection testbed. SQLol allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw.


XMLmao is a configurable XML/XPath injection testbed. XMLmao allows
you to exploit XML/XPath injection flaws, but furthermore allows
a large amount of control over the manifestation of the flaws.

XMLmao is based on the idea of SQLol, an earlier release which
allows for SQL injection exploitation.


Subdomainer is an information gathering tool designed for obtaining subdomain names from public sources, like Google, Msn search, Yahoo, PgP servers, etc.

After obtaining potential subdomain names, it will check if the subdomain really exists.


This little tools is designed to get geolocalization information of a host, it get the information from two sources (maxmind and geoiptool). It's useful when doing forensics, log analisis, or just plain curiosity.


SqlCake is an Automatic SQL injection and database information gathering tool.

HTTP Post Tool

A tool for the purpose of performing web application security assessment around the availability concerns. Web Denial of Service Attack tool.


WebSlayer is a tool designed for brute forcing Web Applications, it can be used to discover not linked resources (directories, servlets, scripts, etc), brute force GET and POST parameters, brute force Forms parameters (User/Password), Fuzzing, etc. The tools has a payload generator and a easy and powerful results analyzer to aid the tester in all the brute force tests.


Webshag is a multi-threaded, multi-platform web server auditing tool coded in python. It is used for crawling a URL, port scanning, file fuzzing and audits your website.


Web vulnerable scan tool SQL injection XSS Cross Site Scripting 404/500 server error Admin/Manage folder search web-base or command-line scanner by PHP Check up collate with HTML FORM and LINK

Php-Vulnerability Hunter

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.

Syndicate content