Penetration testing- Tools & Software > WebApp testing

w3af - Web application attack and audit framework
w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
http://w3af.sourceforge.net/

Wfuzz - The web bruteforcer
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.
http://www.edge-security.com/wfuzz.php


	[Home] [Suggest a Link] [Our Blog] [Contact Us]
	Created in an attempt to have an organized directory strictly related to the penetration testing business, here's the project! Always looking for contributions in terms of submitting links and categories, feedback, and anything that may help the project grow into a useful resource. Don't miss our Blog for any particular tips and tricks and feel free to add yours to our Blogs category!