Flaws

Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. SPIKE Proxy is part of the Spike Application Testing Suite and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection. To... Platforms: *nix

Flawfinder searches through source code looking for potential security flaws. This is the main web site for flawfinder, a program that examines source code and reports possible security weaknesses (``flaws) sorted by risk level. Its very useful for quickly finding and removing at least some... Platforms: *nix

Orizon is a framework intended to provide tools and facilities to test java sources for security flaws. The main goal is to detect common threats as described in Owasp top 10 vulnerability document. Platforms: Windows, Mac, Linux

PHPCallGraph generates static call graphs for PHP source code using the CodeAnalyzer of the InstantSVC project and the DOT tool.The graphs can be leveraged to gain a better understanding of large software systems or even to debunk design flaws in them. Platforms: PHP

PHPCallGraph generates static call graphs for PHP source code using the CodeAnalyzer of the InstantSVC project and the DOT tool.The graphs can be leveraged to gain a better understanding of large software systems or even to debunk design flaws in them. Platforms: PHP

The Omega Theme is a powerful and free HTML5 Drupal base theme based on the 960gs. It harnesses the power and features of many popular themes to provide an excellent base theme, and sub-theming system to help you quickly prototype and theme your site...Join us on IRC in the #drupal-omega... Platforms: PHP

Q-Views is currently in Alpha and has a couple of security flaws that need to be sorted out before being released as beta. Note that Alpha releases should never be used on production sites. Please also note this module has multiple critical security flaws.Query-Based Views (Q-Views) provides the... Platforms: PHP

Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe. Cross-Site Request Forgery (CSRF) is an attack whereby the victim is tricked into loading information from or submitting information to a web application for... Platforms: Mac

Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.They provide functionality such as shell, DNS query, LDAP retrieval and others. Platforms: Mac

SpaceMonkey is a Web application auditing tool. It can detect bugs or security flaws without using a knowledge database. It uses fault injection technics ('fuzzing') in order to reveal the flaws (SQL injection, XSS, File inclusion, command execution ). Platforms: *nix

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.rnrnThe tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.rnrnIf the resulting HTML page sets... Platforms: *nix

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very... Platforms: *nix

InspIRCd is a modular C++ IRCd (IRC daemon) for Linux, BSD, Windows and Apple OS X systems created to provide a stable, modern, and lightweight IRCd written from scratch. As InspIRCd is one of the few IRCd projects written from scratch, it avoids a number of design flaws and speed issues that... Platforms: Windows, *nix

To provide the computer experience available, SmartFix is an all-in-one system and security repair tool that allows you to fix and eliminate the pesky bugs and problems that make slow down your computer through easy one-click menu options. Furthermore, SmartFix adds an extra layer of protection... Platforms: Windows

Blink« Personal Internet Security provides consumers with the most protection available. Blink Personal is the only internet security solution to protect a user's system and sensitive data from viruses, spyware, phishing attempts, identity theft, and other attacks that target system flaws... Platforms: Windows

FTPWebLog project is a freeware integrated WWW and FTP log reporting tool. Its primary inspiration was the wwwstat program written by Roy Fielding. While a good program - wwwstat has some design flaws that make it unsuited for use by large sites as released - notably difficult reconfiguration... Platforms: *nix

sqlmap is an automatic blind SQL injection tool, developed in python, capable to enumerate entire remote database, perform an active database fingerprint and much more. sqlmaps aim is to implement a fully functional database mapper tool which takes advantages of web application programming... Platforms: *nix

phpMyID is a small, fairly lightweight, standalone, single-user Identity Provider for OpenID authentication. OpenID is an open, decentralized, free framework for user-centric digital identity (I stole that from their website). But what does it mean? Well, basically OpenID is a way to... Platforms: *nix

OpenSSH LDAP Public Key patch provides an easy way of centralizing strong user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys. It uses the standard core.schema/nis.schema and strongAuthenticationUser object class, which can simplify login... Platforms: *nix

Chess::PGN::Filter is a Perl extension for converting PGN files to other formats. SYNOPSIS use Chess::PGN::Filter; filter(source => $pgn,filtertype => XML); OR my %substitutions = ( hsmyers => Myers, Hugh S (ID), ); my @exclude = qw( WhiteElo BlackElo EventDate ); filter(... Platforms: *nix