Security Tools
Below is a list of free (and also mostly open source) security tools that I have used and recommend. Documentation and tutorials can usually be found on their respective websites, or on Google.
Scanning & Enumeration
Network Vulnerability Scanning
Web Vulnerability Scanning
Web Fuzzing
wfuzz
Python-based web application fuzzer. Great bruteforcing tool with recursion, encodings, headers, and more. Very fast and configurable.
RFuzz
Ruby library for quickly creating custom fuzzers.
Tarantula
Ruby on Rails application fuzzer.
SQL Injection
sqlmap
Command line SQL injection tool based on Python. Can fuzz multiple parameters to discover possible SQL injection, fingerprint the database, and carry out various attacks. Supports MySQL, Oracle, PostgreSQL, and MS SQL Server.
Absinthe
GUI-based tool for automating blind SQL injection attacks including downloading the database schema and contents. It does not help you discover SQL injection attacks - it only helps you automate known attack vectors. Written in C# and runs on a variety of platforms.
Web Proxies
Paros
A basic man-in-the-middle proxy that can intercept and modify both requests and responses. Also features a spider and a vulnerability scanner. Written in Java.
Burp Proxy
Part of Burp Suite, which provides a lot more than just a proxy. Based on Java.
Wireless Auditing