2 3 Next >
Category: Auditing » Source Code
Katana: Portable Multi-Boot Security Suite
Katana v1 (Kyuzo) has just been released from www.hackfromacave.com . The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite security tools, you can keep them all conveniently in your pocket. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with over 100 portable Windows applications, such as Wireshark, HiJackThis, Unstoppable Copier, Firefox, and OllyDBG. It also includes the following distributions: - Backtrack 4 pre - the Ultimate Boot CD - Ophcrack Live - Damn Small Linux - the Ultimate Boot CD for Windows - Got Root? Slax - Organizational Systems Wireless Auditor (OSWA) Assistant - Damn Vulnerable Linux Katana is also highly customizable. You can modify Katana by adding or removing distributions and portable apps with ease. You can add functionality to distributions like the Ultimate Boot CD, Got Root? Slax and UBCD4Win. You can also load your personal scripts and documents to keep them conveniently with you on your flash drive to use in concert with the provided tools. More informations on this can be found at forum.hackfromacave.com
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for: 1. Testing Web Application Security Scanners 2. Testing Static Code Analysis tools (SCA) 3. Giving an introductory course to Web Application Security
Yasca is a source code analyzer that integrates other open-source tools (PMD, FindBugs, Jlint) to produce a single output file. Yasca is easily extensible and includes a large number of custom rules implemented via a plugin-based architecture. Yasca is designed to find "low hanging fruit" and has plugins supporting a variety of languages, but mostly focused on Java and C/C++.
sourcesec.com provides Web-based access to code auditing applications, and was created to assist developers and users in auditing their programs for vulnerabilities. You can upload your code for static analysis by RATS, Flawfinder and ITS4 as applicable - the C/C++, PHP Python and Perl languages are supported. Additionally, a simplified search function is available which easily allows efficient Web searches for security-related information.
LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE is inspired by existing lightweight security auditing tools such as RATS, pscan, and FlawFinder. Unlike those tools, however, LAPSE addresses vulnerabilities in Web applications. LAPSE is not intended as a comprehensive solution for Web application security, but rather as an aid in the code review process.
Security compass Web Application Auditing Tool (SWAAT) is a free static web application source code auditing tool. The aim of SWAAT is to help developers, testers, security staff, and auditors locate potentially dangerous portions of source code; it is designed to assist source code review.
JAAScois X-Code v1.0 PHP Version
analysis all php projects & discover exploits
LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to sql injection or other flaws.
Flawfinder searches through source code looking for potential security flaws. It will provide a list of potential security flaws, sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Flawfinder ignores text inside comments and strings.
Browse by category