[Repost] Web Security Tool Collection
Posted on: 2010-4-13 08:16 12136

LiveCDs
Monday, January 29, 2007 4:02 PM 828569600 AOC_Labrat-ALPHA-0010.iso
DVL (Damn Vulnerable Linux)

Test sites / testing grounds
SPI Dynamics (live)
Cenzic (live)
Watchfire (live)
Acunetix (live)
WebMaven / Buggy Bank
Foundstone SASS tools
Updated HackmeBank
OWASP WebGoat
OWASP SiteGenerator
Stanford SecuriBench
SecuriBench Micro

HTTP proxying / editing
WebScarab
Burp
Paros
Fiddler
Web Proxy Editor
Pantera
Suru
httpedit (curses-based)
Charles
Odysseus
Burp, Paros, and WebScarab for Mac OS X
Web-application scanning tool from `Network Security Tools'/O'Reilly
JS Commander
Ratproxy

RSnake's XSS cheat sheet-based tools, webapp fuzzing, and encoding tools
Wfuzz
ProxMon
Wapiti
Grabber
XSSScan
CAL9000
HTMangLe
JBroFuzz
XSSFuzz
WhiteAcid's XSS Assistant
Overlong UTF
[TGZ] MielieTool (SensePost Research)
RegFuzzer: test your regular expression filter
screamingCobra
SPIKE and SPIKE Proxy
RFuzz
WebFuzz
TestMaker
ASP Auditor
WSTool
Web Hack Control Center (WHCC)
Web Text Converter
HackBar (Firefox Add-on)
Net-Force Tools (NF-Tools, Firefox Add-on)
PostIntercepter (Greasemonkey script)

HTTP general testing / fingerprinting
Wbox: HTTP testing tool
ht://Check
Mumsie
WebInject
Torture.pl Home Page
JoeDog's Siege
OPEN-LABS: metoscan (http method testing)
Load-balancing detector
HMAP
Net-Square: httprint
Wpoison: http stress testing
Net-square: MSNPawn
hcraft: HTTP Vuln Request Crafter
rfp.labs: LibWhisker
Nikto
twill
DirBuster
[ZIP] DFF Scanner
[ZIP] The Elza project
HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled

Browser-based HTTP tampering / editing / replaying
TamperIE
isr-form
Modify Headers (Firefox Add-on)
Tamper Data (Firefox Add-on)
UrlParams (Firefox Add-on)
TestGen4Web (Firefox Add-on)
DOM Inspector / Inspect This (Firefox Add-on)
LiveHTTPHeaders / Header Monitor (Firefox Add-on)

Cookie editing / poisoning
[TGZ] stompy: session id tool
Add'N Edit Cookies (AnEC, Firefox Add-on)
CookieCuller (Firefox Add-on)
CookiePie (Firefox Add-on)
CookieSpy
Cookies Explorer

Ajax and XHR scanning
Sahi
scRUBYt
jQuery
jquery-include
Sprajax
Watir
Watij
Watin
RBNarcissus
SpiderTest (Spider Fuzz plugin)
Javascript Inline Debugger (jasildbg)
Firebug Lite
firewaitr

RSS extensions and caching
LiveLines (Firefox Add-on)
rss-cache

SQL injection scanning
0x90.org: home of Absinthe, Mezcal, etc
SQLiX
sqlninja: a SQL Server injection and takeover tool
JustinClarke's SQL Brute
BobCat
sqlmap
Scully: SQL Server DB Front-End and Brute-Forcer
FG-Injector
PRIAMOS

Web application security malware, backdoors, and evil code
W3AF: Web Application Attack and Audit Framework
Jikto
XSS Shell
XSS-Proxy
AttackAPI
FFsniFF
HoneyBlog's web-based junkyard
BeEF
Firefox Extension Scanner (FEX)
What is my IP address?
xRumer: blogspam automation tool
SpyJax
Greasecarnaval
Technika
Load-AttackAPI bookmarklet
MD's Projects: JS port scanner, pinger, backdoors, etc

Web application services that aid in web application security assessment
Netcraft
AboutURL
The Scrutinizer
net.toolkit
ServerSniff
Online Microsoft script decoder
Webmaster-Toolkit
myIPNeighbors, et al
PHP charset encoding
data: URL testcases

Browser-based security fuzzing / checking
Zalewski's MangleMe
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan
Peach Fuzzer Framework
TagBruteForcer
PROTOS Test-Suite: c05-http-reply
COMRaider
bcheck
Stop-Phishing: Projects page
LinkScanner
BrowserCheck
Cross-browser Exploit Tests
Stealing information using DNS pinning demo
Javascript Website Login Checker
Mozilla Activex
Jungsonn's Black Dragon Project
Mr. T (Master Recon Tool, includes Read Firefox Settings PoC)
Vulnerable Adobe Plugin Detection For UXSS PoC
About Flash: is your flash up-to-date?
Test your installation of Java software
WebPageFingerprint - Light-weight Greasemonkey Fuzzer

PHP static analysis and file inclusion scanning
PHP-SAT.org: Static analysis for PHP
Unl0ck Research Team: tool for searching in Google for include bugs
FIS: File Inclusion Scanner
PHPSecAudit

PHP Defensive Tools
PHPInfoSec - Check phpinfo configuration for security

A Greasemonkey Replacement
Php-Brute-Force-Attack Detector - Detects when your web servers are being scanned by brute-force tools such as WFuzz and OWASP DirBuster, and by vulnerability scanners such as Nessus, Nikto, Acunetix, etc.
PHP-Login-Info-Checker - Strictly enforces that admins/users select stronger passwords. It tests cracking passwords against 4 rules. It also has a built-in smoke test page at the URL loginfo_checker.php?testlic
php-DDOS-Shield - A tricky script to fend off idiot distributed bots, which discontinue their flooding attacks on identifying an HTTP 503 header code.
PHPMySpamFIGHTER

Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources
APIDS on Wikipedia
PHP Intrusion Detection System (PHP-IDS)
dotnetids
Secure Science InterScout
Remo: whitelist rule editor for mod_security
GotRoot: ModSecurity rules
The Web Security Gateway (WSGW)
mod_security rules generator
Mod_Anti_Tamper
[TGZ] Automatic Rules Generation for Mod_Security
AQTRONIX WebKnight
Akismet: blog spam defense
Samoa: Formal tools for securing web services

Web services enumeration / scanning / fuzzing
WebServiceStudio2.0
Net-square: wsChess
WSFuzzer
SIFT: web method search tool
iSecPartners: WSMap, WSBang, etc

Web application non-specific static source-code analysis
Pixy: a static analysis tool for detecting XSS vulnerabilities
Brixoft.Net: Source Edit
Security compass web application auditing tools (SWAAT)
An even more complete list here
A nice list that claims some demos available
A smaller, but also good list
Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package.

Static analysis for C/C++ (CGI, ISAPI, etc) in web applications
RATS
ITS4
FlawFinder
Splint
Uno
BOON (Buffer Overrun detectiON)
Valgrind

Java static analysis, security frameworks, and web application security tools
LAPSE
HDIV Struts
Orizon
FindBugs: Find bugs in Java programs
PMD
CUTE: A Concolic Unit Testing Engine for C and Java
EMMA
JLint
Java PathFinder
Fujaba: Move between UML and Java source code
Checkstyle
Cookie Revolver Security Framework
tinapoc
jarsigner
Solex
Java Explorer
HTTPClient
another HttpClient
a list of code coverage and analysis tools for Java

Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET
Visual Studio 2008 Code Analysis, available in VSTS 2008 Development Edition and VSTS 2008 Team Suite
Visual Studio 2005 Code Analyzer, available in Visual Studio 2005 Team Edition for Software Developers and Visual Studio 2005 Team Suite
Web Development Helper
FxCop (blog, download)
Microsoft internal tools you can't have yet

Threat modeling
Microsoft Threat Analysis and Modeling Tool v2.1 (TAM)
Amenaza: Attack Tree Modeling (SecurITree)
Octotrike

Add-ons for Firefox that help with general web application security
Web Developer Toolbar
Plain Old Webserver (POW)
XML Developer Toolbar
Public Fox
XForms Buddy
MR Tech Local Install
Nightly Tester Tools
IE Tab
User-Agent Switcher
ServerSwitcher
HeaderMonitor
RefControl
refspoof
No-Referrer
LocationBar^2
SpiderZilla
Slogger
Fire Encrypter

Add-ons for Firefox that help with Javascript and Ajax web application security
Selenium IDE
Firebug
Venkman
Chickenfoot
Greasemonkey
Greasemonkey compiler
User script compiler
Extension Developer's Extension (Firefox Add-on)
Smart Middle Click (Firefox Add-on)

Bookmarklets that aid in web application security
RSnake's security bookmarklets
BMlets
Huge list of bookmarklets
Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality
Bookmarklets every blogger should have
Flat Bookmark Editing (Firefox Add-on)
OpenBook and Update Bookmark (Firefox Add-ons)

SSL certificate checking / scanning
[ZIP] THCSSLCheck
[ZIP] Foundstone SSLDigger
Cert Viewer Plus (Firefox Add-on)

Honeyclients, Web Application, and Web Proxy honeypots
Honeyclient Project: an open-source honeyclient
HoneyC: the low-interaction honeyclient
Capture: a high-interaction honeyclient
Google Hack Honeypot
PHP.Hop - PHP Honeynet Project
SpyBye
Honeytokens

Blackhat SEO and maybe some whitehat SEO
SearchStatus (Firefox Add-on)
SEO for Firefox (Firefox Add-on)
SEOQuake (Firefox Add-on)

Footprinting for web application security
Evolution
GooSweep
Aura: Google API Utility Tools
Edge-Security tools
Fierce Domain Scanner
Googlegath
Advanced Dork (Firefox Add-on)
Passive Cache (Firefox Add-on)
CacheOut! (Firefox Add-on)
BugMeNot Extension (Firefox Add-on)
TrashMail.net Extension (Firefox Add-on)
DiggiDig (Firefox Add-on)
Digger (Firefox Add-on)

Database security assessment
Scuba by Imperva Database Vulnerability Scanner

Browser Defenses
DieHard
LocalRodeo (Firefox Add-on)
NoMoXSS
Request Rodeo
FlashBlock (Firefox Add-on)
CookieSafe (Firefox Add-on)
NoScript (Firefox Add-on)
FormFox (Firefox Add-on)
Adblock (Firefox Add-on)
httpOnly in Firefox (Firefox Add-on)
SafeCache (Firefox Add-on)
SafeHistory (Firefox Add-on)
PrefBar (Firefox Add-on)
All-in-One Sidebar (Firefox Add-on)
QArchive.org web file checker (Firefox Add-on)
Update Notified (Firefox Add-on)
FireKeeper
Greasemonkey: XSS Malware Script Detector

Browser Privacy
TrackMeNot (Firefox Add-on)
Privacy Bird

Application and protocol fuzzing (random instead of targeted)
Sulley
taof: The Art of Fuzzing
zzuf: multipurpose fuzzer
autodafé: an act of software torture
EFS and GPF: Evolutionary Fuzzing System

Latest replies (23)
2
I saw this on the 鬼仔 blog before. Very nice.
2010-4-13 16:55
3
Wow, really comprehensive, nice.
2010-4-13 17:30
4
What powerful tools!
2010-4-13 19:04
5
Yeah, it's dazzling to look through.
2010-4-14 10:15
6
Incredible...
2010-4-15 12:44
7
So many tools! I'll try them one by one when I have time.
2010-4-15 16:55
8
Tag: WEB, security, Safety, tools, Tool
2010-4-15 18:31
9
So many, and I still have to try them one by one. Bookmarked.
2010-4-18 08:27
10
It has everything.
2010-5-1 23:24
11
Starting all this from zero would be enough to study a person to death.
2010-5-12 21:23
12
mark

There really are a lot; just reading through them takes a lot of time.
2010-5-24 17:56
13
I can't understand this.
2010-5-27 19:43
14
Downloaded it, it's okay.
2010-5-29 18:57
15
Nice, bookmarking this.
2010-6-5 10:40
16
Nice tools! Server security
2010-6-11 08:30
17
Dazzling to look through...
2010-6-12 16:30
18
So many, and all in English.
2010-6-22 14:20
19
This list is very complete, but OWASP hasn't updated it for a while.
2010-6-22 23:20
20
This is the link to the original.
2010-6-22 23:22
21
Uh, it's a bit messy, but I've bookmarked it, thanks!
2010-6-24 13:45
22
So many tools! I'll try them one by one when I have time.
2010-6-26 11:12
23
So many tools, thanks a lot.
2010-7-1 21:21
24
The whole post is English links?
Without any explanation at all?
2010-7-3 01:38