Tools & Utilities

Current Projects

Nikto - An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including vulnerabilities and misconfigurations.

Clickjack Testing - HTML pages to quickly test the validity of site framing/click-jacking.

lw_build_req - A PERL script to build valid LibWhisker PERL code from raw HTTP headers.

CMS-Explorer - Discover plugins and themes installed on popular content management systems.

DAVTest - Test and exploit WebDAV enabled servers.

Nessus Plugins - Plugins for the Nessus security scanner.

MP3 Duplicate Finder - Find MP3 file duplicates based on the audio content's hash.

pjl-file - A script to act like an FTP front end to PCL/PJL compatible printers.

CMS Explorer - Figure out the installed components on Content Management System sites.

Click Jacking Test Page - A visual demonstration of click jacking suitable for screen shots in reports.

SVN cloner - For when people check out their subversion repo directly into web root.

Closed Projects

SETI-Web - SETI@Home Web Statistics.

htmap - An nmap styled scanner that looks for HTTP ports.

YaHa - An experiment in brute-force HTTP authentication. Fully working code, and perhaps a jumpstart for someone's larger application.