current ver: v301 (beta)

httprint is a web server fingerprinting tool. httprint relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.

click here for more details

current ver: v1.0 (beta/prototype)

The continuous adoption of Web 2.0 architecture for web applications is instrumental in Ajax, Web services and Flash, emerging as key components. Ajax is a combination of technologies such as JavaScript with the XMLHttpRequest object, DOM and XML streams. Cross site scripting (XSS) can make browsers vulnerable to critical information hijacking if exploited with malicious intent. XSS is already categorized as persistent, non-persistent and DOM-based. Ajax code loaded in browser can have entry points to XSS and it is the job of the security analyst to identify these entry points. It is difficult to decisively conclude that possible entry points to an application can be exploited. One may need to do a trace or debug to measure the risk of these entry points. This script helps to identify XSS entry points in an application. Paper is attached to understand methodology.

click here to download

current ver: v1.0 (beta/prototype)

This ruby script downloads the target page and scan for all scripts dependencies. On the basis of the filename of these scripts it tries to judge the Ajax framework with which the target site (page) is running with. It has local signature database in ajaxfinger-db. At this point it covers all popular Ajax frameworks like prototype, script.aculous, Dojo, DWR, Moo.fx, Rico, Mochikit, Yahoo UI, GWT, Atlas etc. You can add your signature as well since the file is in clear text. This script helps in web application assessment.

click here to download

current ver: v1.5 (beta/prototype)

wsChess is a toolkit for Web Services Assessments and Defense. It's a set of tools written C# for the .Net platform. This is a prototype, released as beta with limited support at this point. Toolkit includes wsPawn, wsKnight, and wsRook tools.

click here for more details

current ver: v1.0 (beta)

The datapipe_http program essentially, software based on datapipe port redirector originally written by Todd Vierling in 1995, , opens up a connection with the HTTP proxy server, and uses the CONNECT server:port HTTP/1.0 technique to open a plain bi-directional TCP connection to the destination server. The TCP connection is then handed off to the program that connects to the incoming datapipe listener port.

click here for more details

Credits: The original datapipe program was © Todd Vierling, 1995

nstools is set of security tools developed by Net-Square. Following software tools are the part this toolkit that can be used to perform various security related activities on Microsoft Windows platform .

netexec (v1.0 beta) - Remote Command Execution

netps (v1.0 beta) - Lists active processes

netport (v1.0 beta) - Port to process mapping tool

netservice (v1.0 beta) - Service Management for local and remote machines

netxslt (v1.0 beta) - XML data conversion tool that converts XML and correspoinding XSL into HTML

click here for more details

current ver: 1.1 (Beta)

MSNPawn has been designed and developed on the .Net framework and must be installed on the system. It is web application Footprinting, Profiling & Assessment tool using MSN Search web APIs. It has utilities like MSNHostFP, MSNDomainFP, MSNCrossDomainFP, MSNCrawler, MSNFetch, Search.MSN.* *Whitepaper is included for better understanding for all these utilities.

click here for more details