1 WSfuzzer:
WSFuzzer is a LGPL’d program, written in Python, that currently targets Web Services. In the current version HTTP based SOAP services are the main target. This tool was created based on, and to automate, some real-world manual SOAP pen testing work. This tool is NOT meant to be a replacement for solid manual human analysis. Please view WSFuzzer as a tool to augment analysis performed by competent and knowledgable professionals. Web Services are not trivial in nature so expertise in this area is a must for proper pen testing.
wiki: http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
2
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
página: http://www.cirt.net/nikto2
3 w3af
w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
página: http://w3af.sourceforge.net/
4 wapiti,
funcionalidades:
funcionalidades:
* Detección de errores en la gestión de ficheros (fopen, includes…)
* Inyección SQL
* Inyección XSS
* Inyección LDAP
* Ejecución de comandos (eval(), system()…)
* Inyección CRLF (HTTP splitting)
5 paros_proxy
este tiene muchas cosas mejor paso el link directamente :
http://www.parosproxy.org/faq.shtml
6 DirBuster
Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).
busca directorios que no están linkeados,( sin mas comentarios )
wiki: http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
7 SPIKE
When you need to analyze a new network protocol for buffer overflows or similar weaknesses, the SPIKE is the tool of choice for professionals. While it requires a strong knowledge of C to use, it produces results second to none in the field. SPIKE is available for the Linux platform only.
http://www.immunitysec.com/resources-freesoftware.shtml#SPIKE
8 MALTEGO
Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.
Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics.security and intelligence fields!
Maltego offers the user with unprecedented information. Information is leverage.
9 fierce
Fierce is not an IP scanner, it is not a DDoS tool, it is not designed to scan the whole internet or perform any un-targeted attacks. It is meant specifically to locate likely targets both inside and outside a corporate network.
10 gooscan
Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on web pages. Think “cgi scanner†that never communicates directly with the target web server, since all queries are answered by a Google appliance, not by the target itself.
página: http://blackhammer.org/gooscan-automated-google-hacking-tool/