BFBTester - Brute Force Binary Tester
Description:
BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.
Requirement:
POSIX, BSD, FreeBSD, OpenBSD, Linux
Download data:
Description:
The CROSS (Codenomicon Robust Open Source Software) program is designed to help open source projects fix critical flaws in their code. Codenomicon's CROSS program provides open source projects with full access to its award-winning DEFENSICS testing solutions, helping the projects find and fix a large number of critical flaws very rapidly.
Requirement:
130 protocol interfaces and formats
Download data:
No data feed available
Description:
Program that scans C/C++ source code and reports potential security flaws. By default, it sorts its reports by risk level (the riskiest operations in the code are listed first).
Requirement:
Python 1.5 or greater
Download data:
No data feed available
Description:
Gendarme is an extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compilers do not typically check or have not historically checked.
Requirement:
.NET (Mono or MS runtime)
Download data:
No data feed available
Description:
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.
Requirement:
Win32 / UNIX
Download data:
No data feed available
Description:
The Nessus vulnerability scanner is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Note that Nessus 3.x is proprietary, while Nessus 2.x is open source, which the vendor has committed to maintaining.
Requirement:
Linux, Solaris, Mac, Windows
Download data:
No data feed available
Description:
Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers.
Requirement:
Windows/UNIX
Download data:
No data feed available
Description:
Oedipus is an open source web application security analysis and testing suite written in Ruby. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities.
Requirement:
OS Independent
Download data:
No data feed available
OSSTMM - Open Source Security Testing Methodology Manual
Description:
This manual is to set forth a standard for Internet security testing.
Requirement:
Download data:
No data feed available
Description:
Paros is for people who need to evaluate the security of their web applications. It is completely written in Java. All HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
Requirement:
Cross-platform, Java JRE/JDK 1.4.2 or above
Download data:
No data feed available
Description:
WebScarab is a loose suite of web application security assessment tools written entirely in Java. It is a tool primarily designed to be used by developers who can write code themselves.
Requirement:
OS Independent
Download data:
No data feed available
Description:
Wireshark, formerly known as Ethereal, is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.
Requirement:
Unix, Linux, and Windows
Download data:
No data feed available
For those projects hosted on SourceForge, the project activity data is updated weekly using live newsfeeds powered by CaRP