测试工具箱 - Security test tools

winston

Babel Enterprise
Description:
BabelEnterprise manages the risk, dividing it by domains (groups ororganizations), assets and policies. With all this, it can be checked,point by point the fully compliance of a security regulation, such asUNE-ISO/IEC 27001 or other ones that depend on this such as LOPD, SOX,etc.
Requirement:
Linux, Solaris, WinXP, HP-UX, IBM AIX
Download data:
                        Downloadable files: 6792 total downloads to date
                       

BFBTester - Brute Force Binary Tester
Description:
BFBTesteris good for doing quick, proactive security checks of binary programs.BFBTester will perform checks of single and multiple argument commandline overflows and environment variable overflows. It can also watchfor tempfile creation activity to alert the user of any programs usingunsafe tempfile names.
Requirement:
POSIX, BSD, FreeBSD, OpenBSD, Linux
Download data:
                        Downloadable files: 8590 total downloads to date
                       

CROSS
Description:
TheCROSS (Codenomicon Robust Open Source Software) program is designed tohelp open source projects fix critical flaws in their code.Codenomicon's CROSS program provides open source projects with fullaccess to its award-winning DEFENSICS testing solutions, helping theprojects find and fix a large number of critical flaws very rapidly.
Requirement:
130 protocol interfaces and formats
Download data:
                        No data feed available

Flawfinder
Description:
Programthat scans C/C++ source code and reports potential security flaws. Bydefault, it sorts its reports by risk level (the riskiest operations inthe code are listed first).
Requirement:
Python 1.5 or greater
Download data:
                        No data feed available

Gendarme
Description:
Gendarmeis a extensible rule-based tool to find problems in .NET applicationsand libraries. Gendarme inspects programs and libraries that containcode in ECMA CIL format (Mono and .NET) and looks for common problemswith the code, problems that compilers do not typically check or havenot historically checked.
Requirement:
.NET (Mono or MS runtime)
Download data:
                        No data feed available

Metasploit
Description:
TheMetasploit Framework is an advanced open-source platform fordeveloping, testing, and using exploit code. This project initiallystarted off as a portable network game and has evolved into a powerfultool for penetration testing, exploit development, and vulnerabilityresearch.
Requirement:
Win32 / UNIX
Download data:
                        No data feed available

Nessus
Description:
TheNessus vulnerability scanner is the world-leader in active scanners,featuring high speed discovery, configuration auditing, assetprofiling, sensitive data discovery and vulnerability analysis of yoursecurity posture. Nessus scanners can be distributed throughout anentire enterprise, inside DMZs, and across physically separatenetworks. Note that Nessus 3.x is propietary, while Nessus 2.x is opensource, which the vendor has committed to maintaining.
Requirement:
Linus, Solaris, Mac, Windows
Download data:
                        No data feed available

Nikto
Description:
Niktois an open source web server scanner which performs comprehensive testsagainst web servers for multiple items, including over 3200 potentiallydangerous files/CGIs, versions on over 625 servers, and versionspecific problems on over 230 servers.
Requirement:
Windows/UNIX
Download data:
                        No data feed available

Oedipus
Description:
Oedipusis an open source web application security analysis and testing suitewritten in Ruby. It is capable of parsing different types of log filesoff-line and identifying security vulnerabilities. Using the analyzedinformation, Oedipus can dynamically test web sites for application andweb server vulnerabilities.
Requirement:
OS Independent
Download data:
                        No data feed available

OSSTMM - Open Source Security Testing Methodology Manual
Description:
This manual is to set forth a standard for Internet security testing.
Requirement:
Download data:
                        No data feed available

Paros
Description:
Parosis for people who need to evaluate the security of their webapplications. It is completely written in Java. All HTTP and HTTPS databetween server and client, including cookies and form fields, can beintercepted and modified.
Requirement:
Cross-platform, Java JRE/JDK 1.4.2 or above
Download data:
                        No data feed available

WebScarab
Description:
WebScarabis a loose suite of web application security assessment tools writtenentirely in Java. It is a tool primarily designed to be used bydevelopers who can write code themselves.
Requirement:
OS Indpendent
Download data:
                        No data feed available

Wireshark
Description:
Wireshark,formerly known as Ethereal, is used by network professionals around theworld for troubleshooting, analysis, software and protocol development,and education. It has all of the standard features you would expect ina protocol analyzer, and several features not seen in any other product.
Requirement:
Unix, Linux, and Windows
Download data:
                        No data feed available

For those projects hosted on SourceForge, the project activity data is updated weekly using live newsfeeds powered by CaRP