Watcher: Web security testing tool and passive vulnerability scanner

  •        75

A Fiddler plugin that passively checks web application's for a variety of security issues. Watcher acts as assistant to the web developer, tester, or security auditor, by quickly identifying real issues and hot-spots that commonly lead to security problems in web apps.



Related Projects

AATT - Automated Accessibility Testing Tool

Browser-based accessibility testing tools and plugins require manually testing each page, one at a time. Tools that can crawl a website can only scan pages that do not require login credentials, and that are not behind a firewall. Instead of developing, testing, and using a separate accessibility test suite, you can now integrate accessibility testing into your existing automation test suite using AATT.AATT tests web applications regarding conformance to the Web Content Accessibility Guidelines (WCAG) 2.0. Find a list of the WCAG 2.0 rules checked by HTMLCS Engine on the HTML CodeSniffer WCAG Standard Summary page and Chrome Engine on the Google Chrome Developer Audit rules. AATT provides an accessibility API and custom web application for HTML CodeSniffer, Axe and Chrome developer tool. Using the AATT web application, you can configure test server configurations inside the firewall, and test individual pages.

qark - Tool to look for several security related Android application vulnerabilities

Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.

Mongoaudit - A powerful MongoDB auditing and pentesting tool

Mongoaudit not only detects mis-configurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! There are quite a few holes in its default configuration settings. This fact, combined with abundant lazy system administrators and developers, led to what the press has called the MongoDB apocalypse.

iOSSecAudit - iOS Security Audit Toolit - A semi-automatic tool for iOS App security audit and iOS reverse engineering

iOS Security Audit Toolit - A semi-automatic tool for iOS App security audit and iOS reverse engineering

it-audit-tools - IT security audit tools, example scanning ip,port,leak...

IT security audit tools, example scanning ip,port,leak...


The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. The initial version is intended to support Static Analysis Security Testing Tools (SAST). A future release will support Dynamic Analysis Security Testing Tools (DAST), like OWASP ZAP, and Interactive Analysis Security Testing Tools (IAST). The goal is that this test application is fully runnable and all the vulnerabilities are actually exploitable so its a fair test for an

Beef - Browser Exploitation Framework

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

w3af - Web Application Attack and Audit Framework

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find Cross site scripting, SQL Injection and lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.

Opa - Elegant language for Web

Opa is a concise and elegant language for writing scalable and distributed web applications. Opa pushes boundaries of the state of the art in web security by making its application immune to XSS attacks, SQL injections and more. Opa is designed to get you to your finished app faster, concentrating only on the interesting parts, without the hassle of writing the glue or of using a programming language against its original design.

Search Guard - Rock solid Elasticsearch security on all levels

Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.

Splinter - Python test framework for web applications

Splinter is an open source tool for testing web applications using Python. It lets you automate browser actions, such as visiting URLs and interacting with their items. Splinter is an abstraction layer on top of existing browser automation tools such as Selenium, PhantomJS and zope.testbrowser. It has a high-level API that makes it easy to write automated tests of web applications. It has drivers for Chrome and Firefox for browser-based testing, and zope.testbrowser and PhantomJS for headless testing.

Network Security Toolkit (NST)

Network Security Toolkit (NST) is a bootable ISO image (Live DVD) based on Fedora 18 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanc

Network Config Audit Tool

The goal of this project is to produce practical tools to assist network administraotr, network security practitioners and other interested parties in auditing security settings of routers and other network infrastructure devices.

Nogotofail - Network Security Testing Tool

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Audit Test Project

audit-test is a test suite designed to provide automated testing for the light-weight audit framework that first appeared in the 2.6.4 kernel. It has been used regularly since RHEL4 and has most recently been updated for RHEL6.3 and SLES11. The test suite now covers functionality beyond audit and includes the automated tests required for the BSI OSPP, including labeled security and virtualization.

Wapiti - Web application vulnerability scanner / security auditor

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate ponctual and permanent XSS vulnerabilities.

Selenium - Web app testing tool

Selenium is a suite of tools such as Selenium IDE, Selenium Remote Control and Selenium Grid to test the web application. Selenium IDE is an integrated development environment for Selenium scripts. It is implemented as a Firefox extension, and allows you to record, edit, and debug tests. It supports record and playback.

SQL Data Capture - Black Box Application Testing

A tool for capturing and analyzing data modifications; an audit trail generator with a data modifications viewer. Helps with testing, troubleshooting and exploring application functionality. ASP.NET 3.5 C#, SMO application. Audit and CRUD generators are included.

find-sec-bugs - Plugin for FindBugs that aim to help security audit on Java web application.

Plugin for FindBugs that aim to help security audit on Java web application.

Debian rough audits

Reports from security audit tools run on source code and other material in the Debian project along with notes. This is a stalled project. Other related projects include