Armory
Serva32/64
A small, lightweight multi-server engine. Combines multiple features into one program. Includes: HTTP server, FTP server, TFTP server, TFTP client, DHCP server, proxyDHCP server, BINL server, DNS server, SNTP server, SYSLOG server. It was conceived mainly as an Automated PXE Server Solution Accelerator. It bundles on a single exe ...
Netsparker
Netsparker® can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on. Netsparker's unique detection and exploitation techniques allow it to be dead accurate in reporting, hence it's the first and the ...
wget
GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc. GNU Wget has many features to make retrieving large ...
WebScarab
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, ...
Tamper Data
Firefox plugin by Adam Judson. Use Tamper Data to view and modify HTTP/HTTPS headers and post parameters, trace and time http response/requests, and security test web applications by modifying POST parameters.
Samurai Web Testing Framework
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection ...
ratproxy
A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic ...
Paros
Paros is an HTTP and HTTPS proxy application written in Java. It allows for easy interception and manipulation of web traffic to and from a client.
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated ...
HttpFox
An HTTP analyzer addon for Firefox
Burp Suite
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting ...
Hackvertor
Hackvertor is an online conversion tool which can serve as many tools to aid browser hacking, XSS testing, SQL injection, fuzzing, hashing, and lots more. Thanks to Gareth Heyes for suggesting this tool!