
Security test tools (18 found)


Babel Enterprise

Description:

Babel Enterprise manages risk by dividing it into domains (groups or organisations), assets and policies. With that structure in place, compliance with a security regulation such as UNE-ISO/IEC 27001, or with others that build on it such as LOPD or SOX, can be checked point by point.

Requirement:

Linux, Solaris, WinXP, HP-UX, IBM AIX


BFBTester - Brute Force Binary Tester

Description:

BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.

Requirement:

POSIX, BSD, FreeBSD, OpenBSD, Linux
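The two checks BFBTester's description names, a single-argument overflow sweep and an environment-variable overflow sweep, come down to the same loop: run the target with ever longer input and treat a signal-terminated exit as a finding. The harness below is an added example written for this page, not BFBTester's own code. It targets a hypothetical program (a constructed Python one-liner that aborts once an argument or the `BFB_VAR` variable exceeds 1024 bytes, standing in for a fixed-size buffer) and assumes a POSIX host, where a process killed by a signal reports a negative return code. The tempfile check is not covered here.

```python
import os
import signal
import subprocess
import sys

# Constructed stand-in for a binary with an unsafe 1024-byte buffer: it aborts
# (SIGABRT) when argv[1], or failing that $BFB_VAR, is longer than 1024 bytes.
# It is not a real vulnerable program; substitute the path of the binary under test.
TARGET_PROGRAM = (
    "import os, sys\n"
    "value = sys.argv[1] if len(sys.argv) > 1 else os.environ.get('BFB_VAR', '')\n"
    "os.abort() if len(value) > 1024 else sys.exit(0)\n"
)
TARGET = [sys.executable, "-c", TARGET_PROGRAM]

# Input sizes to try, smallest first, so the first crash gives a rough bound.
LENGTHS = (64, 256, 1024, 4096, 16384)
ABRT = int(signal.SIGABRT)


def run_once(target, extra_args, extra_env):
    """Run the target once; return the raw return code (negative means killed by a signal)."""
    env = os.environ.copy()
    env.update(extra_env)
    proc = subprocess.run(target + extra_args, env=env,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode


def probe_arguments(target, lengths=LENGTHS):
    """Single-argument overflow sweep: returns [(length, signal_number)] for each crash."""
    crashes = []
    for n in lengths:
        rc = run_once(target, ["A" * n], {})
        if rc < 0:
            crashes.append((n, -rc))
    return crashes


def probe_environment(target, var="BFB_VAR", lengths=LENGTHS):
    """Environment-variable overflow sweep on one variable, same reporting as above."""
    crashes = []
    for n in lengths:
        rc = run_once(target, [], {var: "A" * n})
        if rc < 0:
            crashes.append((n, -rc))
    return crashes


if __name__ == "__main__":
    for kind, crashes in (("argv[1]", probe_arguments(TARGET)),
                          ("$BFB_VAR", probe_environment(TARGET))):
        for n, sig in crashes:
            print(f"{kind}: {n}-byte input killed the target with signal {sig}")
```

Only signal deaths are reported; a target that exits non-zero on oversized input is behaving correctly and is not a finding. For a real binary, run the sweep under a core-dump or ASan-enabled build to turn a crash length into a stack trace.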


Brakeman

Description:

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. If you happen to use the Hudson/Jenkins continuous integration tool, there is a Brakeman plugin for it.

Requirement:

Rails 3


CROSS

Description:

The CROSS (Codenomicon Robust Open Source Software) program is designed to help open source projects fix critical flaws in their code. Codenomicon's CROSS program provides open source projects with full access to its award-winning DEFENSICS testing solutions, helping the projects find and fix a large number of critical flaws very rapidly.

Requirement:

130 protocol interfaces and formats


Flawfinder

Description:

Flawfinder scans C/C++ source code and reports potential security flaws. By default it sorts its reports by risk level, so the riskiest operations in the code are listed first.

Requirement:

Python 1.5 or greater
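The core of a lexical scanner of this kind is a table of risky calls with a risk level each, a pass over the source that ignores comments and string literals so that a function name mentioned in a comment is not reported, and a sort by risk level. The scanner below is an added example written for this page, not Flawfinder's code or ruleset: the call table and its levels are this example's own, and the C sample it scans is constructed.

```python
import re

# Example risk table (name -> (level 0-5, reason)); not Flawfinder's ruleset.
RISKY_CALLS = {
    "gets":    (5, "no bounds check on input; use fgets"),
    "strcpy":  (4, "unbounded copy; check length or use strlcpy/snprintf"),
    "strcat":  (4, "unbounded append; check length or use strlcat"),
    "sprintf": (4, "unbounded formatted write; use snprintf"),
    "system":  (4, "shell command execution; avoid or validate the argument"),
    "scanf":   (3, "%s without a width is unbounded"),
    "strncpy": (1, "may leave the destination unterminated"),
    "memcpy":  (1, "check the length against the destination size"),
}
CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, RISKY_CALLS)) + r")\s*\(")
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')


def _strip_comments(lines):
    """Yield (lineno, code) with /* */ and // comments removed."""
    in_block = False
    for lineno, raw in enumerate(lines, 1):
        line = raw
        if in_block:
            end = line.find("*/")
            if end < 0:
                continue
            line, in_block = line[end + 2:], False
        while True:
            start = line.find("/*")
            if start < 0:
                break
            end = line.find("*/", start + 2)
            if end < 0:
                line, in_block = line[:start], True
                break
            line = line[:start] + line[end + 2:]
        yield lineno, line.split("//", 1)[0]


def scan_c_source(text):
    """Return findings sorted riskiest first, then by line number."""
    findings = []
    for lineno, code in _strip_comments(text.splitlines()):
        code = STRING_RE.sub('""', code)      # a call name inside a string is not a call
        for m in CALL_RE.finditer(code):
            name = m.group(1)
            level, why = RISKY_CALLS[name]
            findings.append({"line": lineno, "call": name, "level": level, "why": why})
    findings.sort(key=lambda f: (-f["level"], f["line"]))
    return findings


# Constructed C sample; the comment on line 5 must not produce a finding.
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>

/* gets() is unsafe, but this is only a comment */
void greet(const char *name) {
    char buf[64];
    strcpy(buf, name);
    printf("hello %s\n", buf);
}

int main(int argc, char **argv) {
    char line[128];
    gets(line);
    char cmd[256];
    sprintf(cmd, "echo %s", line);
    system(cmd);
    memcpy(line, argv[1], 10);
    return 0;
}
'''

if __name__ == "__main__":
    for f in scan_c_source(SAMPLE_C):
        print(f"[{f['level']}] line {f['line']}: {f['call']}() - {f['why']}")
```

A scanner like this sees names, not data flow: it cannot tell a `strcpy` whose source length was checked on the previous line from one that was not, so treat the output as a review worklist rather than a list of bugs.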


Gendarme

Description:

Gendarme is an extensible rule-based tool for finding problems in .NET applications and libraries. It inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compilers do not typically check or have not historically checked.

Requirement:

.NET (Mono or MS runtime)


Knock Subdomain Scan

Description:

Knock scans for subdomains using an internal or external wordlist, attempts zone transfer discovery and performs wildcard testing. It can be useful in a black box pentest for finding vulnerable subdomains.

Requirement:

Linux, Windows and Mac OS X with Python version 2.x
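Wildcard testing is what keeps a wordlist scan honest: if the zone resolves every name, every word in the list "exists". The usual check is to resolve a few random labels that cannot exist, record what they resolve to, and drop any wordlist hit whose answer is only that wildcard address. The code below is an added example for this page, not Knock's code; it resolves against a constructed record set instead of real DNS (pass a function that does an A lookup to run it against a live zone), and the zone, names and addresses are made up. Zone transfer discovery is not covered.

```python
import random
import string

# Constructed records standing in for DNS answers. example.test has a wildcard
# record pointing at 203.0.113.9; plain.test has none (unknown names are NXDOMAIN).
FAKE_RECORDS = {
    "www.example.test": ["203.0.113.10"],
    "mail.example.test": ["203.0.113.11"],
    "dev.example.test": ["203.0.113.9"],      # shares the wildcard address
    "www.plain.test": ["198.51.100.5"],
}
WILDCARD_ZONES = {"example.test": ["203.0.113.9"]}
WORDLIST = ["www", "mail", "dev", "ftp", "vpn"]


def fake_resolve(name):
    """Stand-in for an A lookup: list of addresses, or [] for NXDOMAIN."""
    if name in FAKE_RECORDS:
        return list(FAKE_RECORDS[name])
    for zone, ips in WILDCARD_ZONES.items():
        if name.endswith("." + zone):
            return list(ips)
    return []


def detect_wildcard(domain, resolve, probes=3):
    """Resolve random labels that should not exist; any answer is a wildcard address."""
    seen = set()
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase + string.digits, k=20))
        seen.update(resolve(f"{label}.{domain}"))
    return seen


def scan_subdomains(domain, wordlist, resolve):
    """Wordlist scan that discards hits explained entirely by the wildcard record."""
    wildcard_ips = detect_wildcard(domain, resolve)
    found = []
    for word in wordlist:
        name = f"{word}.{domain}"
        real = [ip for ip in resolve(name) if ip not in wildcard_ips]
        if real:
            found.append((name, real))
    return {"wildcard": sorted(wildcard_ips), "found": found}


if __name__ == "__main__":
    for domain in ("example.test", "plain.test"):
        result = scan_subdomains(domain, WORDLIST, fake_resolve)
        print(domain, "wildcard:", result["wildcard"] or "none")
        for name, ips in result["found"]:
            print("  ", name, ", ".join(ips))
```

The filter has a known blind spot, visible in the sample: `dev.example.test` is a real record but sits on the wildcard address, so it is dropped along with the noise. When that matters, compare full answers (CNAME chains, TTLs, or an HTTP banner) rather than A records alone.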


Metasploit

Description:

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

Requirement:

Win32 / UNIX


Nessus

Description:

The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Note that Nessus 3.x is proprietary, while Nessus 2.x is open source, which the vendor has committed to maintaining.

Requirement:

Linux, Solaris, Mac, Windows


Nikto

Description:

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers.

Requirement:

Windows/UNIX
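Checking a server for "potentially dangerous files/CGIs" is a list of requests, but the step that separates a usable scanner from a noisy one is establishing what "not found" looks like first: many servers answer every unknown path with HTTP 200 and a friendly page, and a scanner that only tests for 404 then reports every entry in its list. The code below is an added example for this page, not Nikto's code or database. The check list is a small illustrative set, the target is a constructed site with such a soft-404 page, and `fetch` is a stand-in for an HTTP request that returns (status, body).

```python
import hashlib
import random
import string

# Small illustrative check list, not Nikto's database.
CHECK_PATHS = ["/cgi-bin/test-cgi", "/phpinfo.php", "/.git/config",
               "/server-status", "/backup.zip"]

# Constructed target: three real resources; everything else gets a 200 "soft 404"
# page that echoes the requested path.
FAKE_SITE = {
    "/phpinfo.php": (200, "<html><head><title>phpinfo()</title></head><body>...</body></html>"),
    "/.git/config": (200, "[core]\n\trepositoryformatversion = 0\n\tbare = false\n"),
    "/server-status": (403, "<html><body>Forbidden</body></html>"),
}


def fake_fetch(path):
    """Stand-in for an HTTP GET: returns (status, body)."""
    if path in FAKE_SITE:
        return FAKE_SITE[path]
    return 200, f"<html><body>Sorry, {path} was not found on this server.</body></html>"


def fingerprint(path, status, body):
    """Status plus a hash of the body with the requested path removed, so two
    not-found pages that differ only by the echoed path compare equal."""
    return status, hashlib.sha256(body.replace(path, "").encode()).hexdigest()


def not_found_baseline(fetch):
    """Request a random path that cannot exist and fingerprint the answer."""
    probe = "/" + "".join(random.choices(string.ascii_lowercase, k=16))
    status, body = fetch(probe)
    return fingerprint(probe, status, body)


def naive_scan(fetch, paths=CHECK_PATHS):
    """What a scanner without a baseline reports: anything that is not a 404."""
    return [(p, fetch(p)[0]) for p in paths if fetch(p)[0] != 404]


def scan(fetch, paths=CHECK_PATHS):
    """Report a path only if its response differs from the not-found baseline."""
    missing = not_found_baseline(fetch)
    hits = []
    for p in paths:
        status, body = fetch(p)
        if status == 404 or fingerprint(p, status, body) == missing:
            continue
        hits.append((p, status))
    return hits


if __name__ == "__main__":
    print("without baseline:", naive_scan(fake_fetch))
    print("with baseline:   ", scan(fake_fetch))
```

A 403 is kept as a hit on purpose: a forbidden `/server-status` confirms the handler is present even though its content is not readable. Sites that vary the not-found page per directory or per extension need one baseline per directory (or per extension) rather than a single site-wide probe.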


nsiqcppstyle

Description:

nsiqcppstyle aims to provide an extensible, easy to use, highly maintainable coding style checker for C/C++ source code. The rules and the analysis engine are separated, and users can develop their own C/C++ coding style rules. There is also a customisable rule server (Google App Engine or Django based). The project was developed as an internal toolset for NHN Corp in South Korea.

Requirement:

Platform Independent


Oedipus

Description:

Oedipus is an open source web application security analysis and testing suite written in Ruby. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.

Requirement:

OS Independent
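Off-line log analysis of the kind Oedipus describes means parsing each access log line, decoding the request target, and matching it against attack signatures. The decoding step matters: attackers double-encode (`%252e%252e%252f` becomes `../` only after a second decode) precisely to slip past single-decode matching. The analyser below is an added example for this page, not Oedipus's code; the signatures are a small illustrative set and the Apache combined-format log lines it runs over are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache combined log format, up to the response size; referrer and UA are ignored here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Illustrative signatures, matched against the fully decoded request target.
SIGNATURES = [
    ("path_traversal", re.compile(r"\.\./|\.\.\\")),
    ("sql_injection", re.compile(r"(?i)\bunion\b.*\bselect\b|'\s*or\s+'?\d|\bor\b\s+1\s*=\s*1|--\s*$")),
    ("xss", re.compile(r"(?i)<script|javascript:|onerror\s*=")),
    ("command_injection", re.compile(r"[;|`]\s*(cat|ls|id|wget|curl)\b")),
]


def parse_line(line):
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode twice so double-encoded payloads are seen in their final form.
    rec["decoded"] = unquote_plus(unquote_plus(rec["target"]))
    return rec


def classify(rec):
    return [name for name, rx in SIGNATURES if rx.search(rec["decoded"])]


def analyze(log_text):
    """Return one finding per suspicious line: source IP, status, decoded target, tags."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec)
        if tags:
            findings.append({"ip": rec["ip"], "status": rec["status"],
                             "target": rec["decoded"], "tags": tags})
    return findings


def by_source(findings):
    """Suspicious requests per client address, most active first."""
    return Counter(f["ip"] for f in findings).most_common()


# Constructed sample log (addresses from the documentation ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2011:13:55:40 +0000] "GET /cgi-bin/view.cgi?file=../../../../etc/passwd HTTP/1.1" 200 1284 "-" "curl/7.21"
203.0.113.7 - - [10/Oct/2011:13:55:41 +0000] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 512 "-" "curl/7.21"
198.51.100.2 - - [10/Oct/2011:13:56:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 3310 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2011:13:56:10 +0000] "GET /cgi-bin/view.cgi?file=%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 200 1284 "-" "curl/7.21"
"""

if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f["ip"], f["status"], ",".join(f["tags"]), f["target"])
    print("by source:", by_source(found))
```

A 200 next to a traversal or injection target is the line worth reading first: the server accepted the request, so the log alone cannot say whether the attack succeeded, and the application has to be tested with the same input to find out.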


OSSTMM - Open Source Security Testing Methodology Manual

Description:

This manual sets forth a standard for Internet security testing.

Requirement:


OWASP Zed Attack Proxy

Description:

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

Requirement:

Windows, Linux, Mac OS


Paros

Description:

Paros is for people who need to evaluate the security of their web applications. It is completely written in Java. All HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

Requirement:

Cross-platform, Java JRE/JDK 1.4.2 or above
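What an intercepting proxy does between "intercept" and "forward" is the interesting part: it parses the raw request, lets the tester edit cookies and form fields, then re-serialises it, and the re-serialisation must recompute `Content-Length`, otherwise the server waits for bytes that never come or truncates the body. The code below is an added example for this page, not Paros code; it shows that edit-and-reserialise step on a constructed POST request (the host, cookie and form fields are made up) without any network I/O, which is the part a proxy adds around it.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed request as a browser would hand it to the proxy.
SAMPLE_REQUEST = (
    b"POST /account/transfer HTTP/1.1\r\n"
    b"Host: bank.example.test\r\n"
    b"Cookie: session=abc123; role=user\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"to=bob&amount=10&memo=lunch"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into request line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for h in lines[1:]:
        name, _, value = h.partition(":")
        headers.append([name.strip(), value.strip()])
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def get_header(req, name):
    for n, v in req["headers"]:
        if n.lower() == name.lower():
            return v
    return None


def set_header(req, name, value):
    for h in req["headers"]:
        if h[0].lower() == name.lower():
            h[1] = value
            return
    req["headers"].append([name, value])


def set_cookie(req, key, value):
    """Replace (or add) one cookie, keeping the others and their order."""
    jar = {}
    for part in (get_header(req, "Cookie") or "").split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            jar[k] = v
    jar[key] = value
    set_header(req, "Cookie", "; ".join(f"{k}={v}" for k, v in jar.items()))


def set_form_field(req, key, value):
    """Replace (or add) one urlencoded form field in the body."""
    fields = dict(parse_qsl(req["body"].decode("iso-8859-1"), keep_blank_values=True))
    fields[key] = value
    req["body"] = urlencode(fields).encode("iso-8859-1")


def serialize(req):
    """Rebuild the wire form; Content-Length is recomputed from the edited body."""
    if req["body"] or get_header(req, "Content-Length") is not None:
        set_header(req, "Content-Length", str(len(req["body"])))
    head = [f"{req['method']} {req['target']} {req['version']}"]
    head += [f"{n}: {v}" for n, v in req["headers"]]
    return ("\r\n".join(head) + "\r\n\r\n").encode("iso-8859-1") + req["body"]


def tamper(raw, cookie=None, field=None):
    """Intercept-edit-forward in one call: cookie and field are (name, value) pairs."""
    req = parse_request(raw)
    if cookie:
        set_cookie(req, *cookie)
    if field:
        set_form_field(req, *field)
    return serialize(req)


if __name__ == "__main__":
    edited = tamper(SAMPLE_REQUEST, cookie=("role", "admin"), field=("amount", "1000000"))
    print(edited.decode("iso-8859-1"))
```

The two edits in the sample are the classic ones a proxy makes easy to try: a role stored client-side in a cookie, and an amount the server may trust because the form only offered small values. Either succeeding is an authorisation or validation bug on the server, not in the browser.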


Vega

Description:

Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript, so users can easily modify them or write their own.

Requirement:

Java. Runs on OS X, Linux, Windows.


WebScarab

Description:

WebScarab is a loose suite of web application security assessment tools written entirely in Java. It is a tool primarily designed to be used by developers who can write code themselves.

Requirement:

OS Independent


Wireshark

Description:

Wireshark, formerly known as Ethereal, is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

Requirement:

Unix, Linux, and Windows

