Projects

  • Nikto – An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including vulnerabilities and misconfigurations.

  • Clickjack Testing – HTML pages to quickly test the validity of site framing/click-jacking.

  • pjl-file – A script to act like an FTP front end to PCL/PJL compatible printers.

  • SVN Pristine Extractor – For when people check out their Subversion repo directly into web root.

  • Mercurial Extractor – If you know the format of the binary files and somebody leaves the .hg file in place on a web root, you can extract pretty much all the files in the repository.

Dead Projects

  • CMS Explorer – Released in 2010, CMS Explorer was the first dedicated CMS (Content Management System) product-specific scanner, targeting both WordPress and Drupal. It brought innovation to scanners by doing plugin/theme enumeration and then actively searching the OSVDB for potential vulnerabilities.

  • DavTest – Exploits web servers by uploading files to them and making those files executable using the WebDAV protocol. Much of this functionality was later added to a Metasploit module.