Test sites / testing grounds SPI Dynamics (live)
Cenzic (live)
Watchfire (live)
Acunetix (live)
WebMaven / Buggy Bank
Foundstone SASS tools
Updated HackmeBank
OWASP WebGoat
蚯蚓拼音OWASP SiteGenerator
Stanford SecuriBench
SecuriBench Micro
Google’s web application training
HTTP proxying / editing WebScarab
Burp
Paros
Fiddler
Web Proxy Editor
Pantera
Suru
httpedit (curs-bad)
Charles
Odysus
Burp, Paros, and WebScarab for Mac OS X Web-application scanning tool from `Network Security Tools'/O'Reilly
冬天的秘密歌词JS Commander
Ratproxy
RSnake's XSS cheat sheet bad-tools, webapp fuzzing, and encoding tools
Wfuzz
ProxMon
Wapiti
Grabber
XSSScan
CAL9000
HTMangLe
JBroFuzz
XSSFuzz
WhiteAcid's XSS Assistant
Overlong UTF
[TGZ] MielieTool (SenPost Rearch) RegFuzzer: test your regular expression filter screamingCobra
SPIKE and SPIKE Proxy
RFuzz
WebFuzz
TestMaker
ASP Auditor
WSTool
Web Hack Control Center (WHCC)
Web Text Converter
HackBar (Firefox Add-on)
Net-Force Tools (NF-Tools, Firefox Add-on) PostIntercepter (Greamonkey script)
HTTP general testing / fingerprinting
Wbox: HTTP testing tool
ht://Check
Mumsie
WebInject
Torture.pl Home Page
JoeDog's Seige
OPEN-LABS: metoscan (http method testing) Load-balancing detector
HMAP
Net-Square: httprint
Wpoison: http stress testing
Net-square: MSNPawn
hcraft: HTTP Vuln Request Crafter
rfp.labs: LibWhisker
Nikto
交通指挥手势Webcurify
twill
DirBuster
[ZIP] DFF Scanner
[ZIP] The Elza project
HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled Browr-bad HTTP tampering / editing / replaying
TamperIE
isr-form
Modify Headers (Firefox Add-on)
Tamper Data (Firefox Add-on)
UrlParams (Firefox Add-on)
TestGen4Web (Firefox Add-on)
DOM Inspector / Inspect This (Firefox Add-on) LiveHTTPHeaders / Header Monitor (Firefox Add-on)
Cookie editing / poisoning [TGZ] stompy: ssion id tool
Add'N Edit Cookies (AnEC, Firefox Add-on) CookieCuller (Firefox Add-on)
CookiePie (Firefox Add-on)
CookieSpy
Cookies Explorer
Ajax and XHR scanning
Sahi
scRUBYt
jQuery
jquery-include
Sprajax
Watir
Watij
Watin
RBNarcissus
SpiderTest (Spider Fuzz plugin)
Javascript Inline Debugger (jasildbg)
Firebug Lite
firewaitr
RSS extensions and caching LiveLines (Firefox Add-on)
rss-cache
SQL injection scanning
0x90: home of Absinthe, Mezcal, etc
SQLiX
sqlninja: a SQL Server injection and takover tool
JustinClarke's SQL Brute
BobCat
sqlmap
Scully: SQL Server DB Front-End and Brute-Forcer
FG-Injector
PRIAMOS
Web application curity malware, backdoors, and evil code
W3AF: Web Application Attack and Audit Framework
Jikto
XSS Shell
XSS-Proxy
AttackAPI
FFsniFF
HoneyBlog's web-bad junkyard
BeEF
Firefox Extension Scanner (FEX)
What is my IP address?
xRumer: blogspam automation tool
SpyJax
Greacarnaval
Technika
Load-AttackAPI bookmarklet
MD's Projects: JS port scanner, pinger, backdoors, etc
Web application rvices that aid in web application curity asssment
Netcraft
AboutURL
旅游路线规划The Scrutinizer
ServerSniff
Online Microsoft script decoder
Webmaster-Toolkit
myIPNeighbbors, et al卧式镗床
PHP chart encoding
data: URL testcas
Browr-bad curity
fuzzing / checking
Zalewski's MangleMe
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan Peach Fuzzer Framework
TagBruteForcer
PROTOS Test-Suite: c05-http-reply
COMRaider
bcheck
Stop-Phishing: Projects page
LinkScanner
怕冷怕热BrowrCheck
Cross-browr Exploit Tests
Stealing information using DNS pinning demo Javascript Website Login Checker
Mozilla Activex
Jungsonn's Black Dragon Project
Mr. T (Master Recon Tool, includes Read
Firefox Settings PoC)
Vulnerable Adobe Plugin Detection For UXSS PoC About Flash: is your flash up-to-date?
Test your installation of Java software WebPageFingerprint - Light-weight Greamonkey Fuzzer
PHP static analysis and file inclusion scanning
PHP-SAT: Static analysis for PHP
Unl0ck Rearch Team: tool for arching in google for include bugs
FIS: File Inclusion Scanner
PHPSecAudit
PHP Defensive Tools
PHPInfoSec - Check phpinfo configuration for curity
A Greamonkey Replacement can be found at Php-Brute-Force-Attack Detector - Detect your web rvers being scanned by brute force tools such as WFuzz, OWASP DirBuster and
vulnerability scanners such as Nessus, Nikto, Acunetix ..etc.
PHP-Login-Info-Checker - Strictly enforce admins/urs to lect stronger passwords. It tests cracking passwords against 4 rules. It has also built-in smoke test page via url loginfo_checker.php?t
estlic
yehg/lab/pr0js/files.php/loginfo_ch eckerv0.1.zip
yehg/lab/pr0js/files.php/phploginfo _checker_demo.zip
php-DDOS-Shield - A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code.
PHPMySpamFIGHTER
Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources APIDS on Wikipedia
PHP Intrusion Detection System (PHP-IDS) dotnetids
月亮金牛Secure Science InterScout
Remo: whitelist rule editor for mod_curity GotRoot: ModSecuirty rules
The Web Security Gateway (WSGW)
mod_curity rules generator
Mod_Anti_Tamper
[TGZ] Automatic Rules Generation for
Mod_Security
AQTRONIX WebKnight
Akismet: blog spam defen
Samoa: Formal tools for curing web rvices Web rvices enumeration / scanning / fuzzing WebServiceStudio2.0
Net-square: wsChess
WSFuzzer
SIFT: web method arch tool
iSecPartners: WSMap, WSBang, etc
Web application non-specific static source-code analysis Pixy: a static analysis tool for detecting XSS vulnerabilities
人民币折玫瑰花Brixoft.Net: Source Edit
Security compass web application auditing
tools (SWAAT)
An even more complete list here
A nice list that claims some demos available
