
commix - Automated All-in-One OS command injection and exploitation tool.

  •    Python

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers, and security researchers to test web-based applications for bugs, errors, or vulnerabilities related to command injection attacks. With this tool, it is very easy to find and exploit a command injection vulnerability in a vulnerable parameter or HTTP header. Usage of commix for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

PHP Vulnerability Hunter

PHP Vulnerability Hunter is a whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications.

lfi-labs - small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns

  •    PHP

For training and testing purposes. You can test detection products (e.g. vulnerability scanners), exploit tools, etc. These are NOT intended for evaluating appsec testing tools.

SourceCodeSniffer - The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions

  •    HTML

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) based on regular expressions. It uses search patterns to score common high-risk functions (injection, LFI/RFI, file uploads, etc.) across multiple application development languages (C#, C/C++, Java, PHP, Perl, Python, JavaScript, HTML, etc.) in a highly configurable manner. When performing a source code review, it can help to prioritize the code files that should be reviewed. Source Code Sniffer is written in Python 2.7 and supports both Windows and Linux.