Open Source Security Testing Tools

Open Source Security Testing Tools

1. Zed Attack Proxy (ZAP) : -
ZAP or Zed Attack Proxy is a multi-platform, open-source web application security testing equal ease is used for finding a number of security vulnerabilities in a web app during the development as well as the testing phase. Thanks to its intuitive GUI, Zed Attach Proxy can be used with equal ease by newbies as that by experts. The security testing tool supports command-line access, for advanced users. In addition to being one of the most famous OWASP projects, it is awarded the flagship status: 
  1. Application error disclosure
  2. Cookie not HttpOnly flag
  3. Missing anti-CSRF tokens and security headers
  4. Private IP disclosure
  5. Session ID in URL rewrite
  6. SQL injection
  7. XSS injection
2.Wfuzz: -
HIGHLIGHTS: Multiple injection points with multiple dictionaries, Post, headers and authentication data brute forcing, Output to HTML, Cookies fuzzing, Multithreading, Proxy Support, SOCK Support, Authentication Support (NTLM, Basic, Multiple encoders per payload, HEAD scan.
Wfuzz is popularly used for brute-forcing web applications. The open-source security testing tool has no GUI interface and is usable only via the command line. Vulnerabilities exposed by Wfuzz are:
  1. LDAP injection
  2. SQL injection
  3. XSS injection
3. Wapiti: -
HIGHLIGHTS: Support HTTP, HTTPS, and SOCKS5 proxies, Basic, Digest, NTLM or GET/POST authentication, acts like a fuzzer.
Wapiti is a web application vulnerability scanner. It allows us to audit the security of websites or web applications. It performs black-box scans of the web application by crawling the web pages of the deployed web app, looking for scripts and forms where it can inject data.
Once it gets the list of URLs, forms and their inputs, Wapiti acts like fuzzer, injecting payloads tosee if a script is vulnerable. Vulnerabilities exposed by Wapiti are:
  1. Command Execution detection
  2. CRLF injection
  3. Database injection
  4. File disclosure
  5. Shellshock or Bash bug
  6. SSRF (Server Side Request Forgery)
  7. Weak .htaccess configurations that can be bypassed
  8. XSS injection
  9. XXE injection
4. W3af : -
HIGHLIGHTS: Proxy support, HTTP Basic and Digest authentication, UserAgent faking,Add custom headers to requests, Cookie handling, HTTP response cache, DNS cache, Fileupload using multipart, fuzzing engine.
W3af is a web application attack and audit framework. It comes with both GUI and console interface. It helps developers and penetration testers identify and exploit vulnerabilities in web applications. It is able to identify more than 200 types of security issues in web applications, including:
  1. Cross-Site Scripting
  2. SQL Injection
  3. Guessable credentials
  4. Unhandled application errors
  5. PHP misconfigurations
  6. Blind SQL injections
  7. Buffer overflow vulnerability
  8. CORS (Cross-Origin Resource Sharing)
  9. CSRF (Cross-Site Request Forgeries) vulnerabilities
  10. OS Commanding
  11. Authentication support
5. SQL Map:-
HIGHLIGHTS: support a wide range of database services (including MySQL, Oracle &
PostgreSQL), operating systems, SQL injection techniques.
SQL Map is a penetration testing tool that allows users to automate the process of detecting and exploiting SQL injection vulnerabilities in a website’s database. It comes with a powerful detection engine and many features to detect vulnerabilities. The security testing tool comes with a powerful testing engine, capable of supporting 6 types of SQL injection techniques:
  1. Boolean-based blind
  2. Error-based
  3. Out-of-band
  4. Stacked queries
  5. Time-based blind
  6. UNION query
6.SonarQube: -
HIGHLIGHTS: Continuous inspection, Multi-Language support, DevOps Integration, Centralize Quality.
In addition to exposing vulnerabilities, SonarQube is used to measure the source code quality of a web application. It is able to carry out analysis of over 20 programming languages. Furthermore, it gets easily integrated with continuous integration tools to the likes of Jenkins. Some of the vulnerabilities exposed by SonarQube include:
  1. Cross-site scripting
  2. Denial of Service (DoS) attacks
  3. HTTP response splitting
  4. Memory corruption
  5. SQL injection
7. Wireshark: -
HIGHLIGHTS: rich VoIP analysis, decryption support, packet browser, deep protocol inspection, live capturing and offline analysis, standard three-pane packet browser.
Wireshark is a security tool that captures and analyses network packets in real-time and outputs them in readable formats. It comes with an integration for GUI or TTY mode T Shark Utility for agraphical presentation of the collected data. Wireshark exploits the following:

  1. ARP scanning
  2. IP Protocol scanning
  3. ICMP, TCP, UDP ping sweeps
  4. TCP stealth/ Null/ FIN/ Xmass scan
  5. ARP Poisoning
  6. ICMP flooding
  7. VLAN hoping
  8. Unexplained packet loss
  9. Client deauthenticaion/disassociation
  10. Fake AP beacon flood
  11. Authentication DoS
8. Nogotofail: -
HIGHLIGHTS: support setting up as a router, proxy or VPN server, SSL certificate verification, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, and cleartext issues.
Nogotofail is a network security testing tool (network vulnerability scanner tool) designed to help developers and penetration testers. Vulnerabilities exposed by Nogotofail are:
  1. MiTM attacks
  2. SSL certificate verification issues
  3. SSL injection
  4. TLS injection
9. Vega ; -
HIGHLIGHTS: TLS / SSL security settings, identifying improvements of TLS servers.
Vegais an open-source web application security testing tool with three testing modes: automated, manual, and hybrid. When supplied with a user credential, it can automatically log into a website and scan the web pages for vulnerabilities. It identifies vulnerabilities as:

  1. Find and validate SQL injection
  2. Cross-Site Scripting (XSS) injection
  3. Blind SQL injection
  4. Header injection
  5. Remote file include
  6. Shell injection
10. Arachni: -
HIGHLIGHTS: Tracing of data & execution flows of DOM and JavaScript environments.
Arachni is an open-source security testing tool aimed at helping penetration testers and administrators evaluate the security of web applications. It is a featureful, modular, high-performance Ruby framework. It captures the following vulnerabilities:
  1. Local file inclusion
  2. Remote file inclusion
  3. Invalidated redirects
  4. Invalidated DOM redirects
  5. XPath injection
  6. SQL injection
  7. XSS injection









    • Related Articles

    • What is Security Testing?

      Security testing is performed to ensure that the data within an information system is protected and is not accessible by unauthorized users. It protects the applications against serious malware and other unanticipated threats that may crash it. ...

    • Purpose of security testing

      The primary purpose of security testing is to identify the security leakage and fix it in the initial stage itself. Security testing helps to rate the stability of the current system and also helps to stand in the market for a longer time.

    • Types of Security Frameworks

      There are mainly three types of frameworks. Each of the types has its different functions. Those three types are − Control Frameworks − This framework is known to develop an essential strategy for the cyber security department of an organization. ...

    • Why do we need Cyber Security Frameworks?

      Cyber Security networks are needed in every organization because setting up one secures many data from cyberattacks. It also removes some guesswork when it comes to securing assets. Frameworks provide a plan to the cyber security managers and give ...

    • What is a Cyber Security Framework?

      These documents describe guidelines, standards, and best practices for cyber security risk management. These frameworks reduce an organization’s exposure to weaknesses and vulnerabilities that cybercriminals can exploit. The word ‘Framework’ may seem ...