Tamper Data is a Firefox add-on used to view and modify HTTP/HTTPS headers and POST parameters.
A tool for performing web application security assessments focused on availability concerns. Web denial-of-service attack tool.
Arachni is an open-source web application security scanner framework written in Ruby that helps website administrators and penetration testers evaluate the security of a web application.
The nm command is used to list the symbols from the target program. Using nm, we can learn which local and library functions and which global variables are used. nm cannot work on a program that has been stripped using the ‘strip’ command. Below is a link on its usage for reverse engineering on Linux.
This Java-based application helps you parse the contents of a script (e.g. a PHP script) and automatically convert it to hex values. Some pentesters use this method to test for possible SQL injection vulnerabilities in a website.
Firebug is an add-on for Firefox that provides access to browser internals. It features live editing of HTML and CSS, a DOM viewer, and a JavaScript debugger. Web application security testers appreciate the ability to see what's happening behind the scenes of the browser.
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.
NoScript is a Firefox add-on that blocks active content from running in the browser.
Rational AppScan Standard Edition software can help reduce costs associated with manual vulnerability testing and help to protect against the threat of cyber-attack by automating security analysis to detect exploitable vulnerabilities.