Scanners to test security


VulnDetector is a project coded in python which scans a website and detects various web based security vulnerabilities in the website. It was developed by Brad Cable who is into coding open source tools.


Pangolin is a penetration testing, SQL Injection test tool on database security. It finds SQL Injection vulnerabilities.Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user”s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

MSSQL Scanner Pentesting Tool

MSSQLScanner is a multithreaded java based dictionary attack tool with the capability of spawning an SQL Query Shell and xp_cmdshell for pentesting your MS SQL Database server.

SMB Shell

SMBShell is a cross platform java based multi threaded application with minimal smb client shell pentesting tool. This application uses dictionary attack method against remote samba daemon with the capability of spawning an smb client shell with every credential found if the check box ‘spawn shell’ is checked. This will help network/system administrator test the password integrity with the very basic common password attack in your Linux, BSD or Windows box with samba installed.


Wireless cracking Ubuntu Suite / Distro. Need I say more..


This is another pentesting lab system.


AIDE (Advanced Intrusion Detection Environment) is a rootkit detector, a free replacement for Tripwire. It makes cryptographic hashes of important system files and stores them in a database. It can then make reports about which files have changed.


Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.


Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.


Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.

Syndicate content