Fiddler Web Proxy

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.


x5s

x5s is a plugin for the free Fiddler HTTP proxy that actively injects small probes of ASCII and Unicode characters into every user-controlled input of a web application in order to elicit and identify character transformations and encoding issues that could lead to XSS vulnerabilities.

NetSparker CE

Netsparker Community Edition is a SQL Injection Scanner. It's a free edition of our web vulnerability scanner for the community so you can start securing your website now. It's user friendly, fast, smart and as always False-Positive-Free.


Httprecon

Httprecon is an open-source application that fingerprints web server software. It identifies the product in use, which is often a prerequisite for vulnerability analysis (e.g. preparing to exploit a product-specific vulnerability).

Burp Spider

Burp Spider is a tool for mapping web applications. It automates the laborious task of cataloging an application's content and functionality, and lets you:

Work manually via your browser, by passively inspecting traffic passing through Burp Proxy and cataloging everything that this identifies.

Actively crawl the application, by automatically following links, submitting forms, and parsing responses for new content.

Browse a detailed site map of discovered content, in tree and table form.

Retain full control of all spidering actions, with fine-grained scope definition, automatic or user-guided submission of forms, and detailed configuration of the spidering engine.

Send interesting items to other Burp Suite tools with a single click.

Deal with complex applications, with automatic handling of login credentials and session cookies, and detection of custom "not found" responses.

Save all of your work, and resume working later.

Web Sleuth

Sleuth is a manual research and exploration tool for web applications. It is not just one application, it is a complete toolbox of applications that come together to let you do some unique things.


ThreatSentry

ThreatSentry combines a state-of-the-art Web Application Firewall and advanced behavioral components to block any activity falling outside of trusted parameters. ThreatSentry delivers enterprise-grade, multi-layered protection and compliance


SslStrip

SslStrip will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

Goolag Scanner

The Goolag Scanner is a tool that has been released by the Cult of the Dead Cow to automate Google hacking using 1,500 predefined search queries.

The original site is down; I found a copy of the tool on the Packet Storm website. Old-school tool, but it still works OK to automate the Google information-gathering phase.

Google Hack Honeypot

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a "Google Hack" honeypot. It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.

