The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

As promised, I am releasing the new and improved MultiInjector version 0.3
It's been QA'ed against a home-grown ASP application.

Tr4c3注：Some Security videos.

Tr4c3注：一款mysql注入工具，作者Reiluke(dsreiluke_at_gmail.com)。

This tool has been around for a LONG time in some form or another, some of you old-skool guys may remember a package called SATAN, this was the best semi-automatic security analysis tool around back then. From SATAN and it’s development came SARA, which is now in it’s 3rd generation.

这是昨晚弄的，没怎么调试。所以我可能会随时改进这个程序。
更改的时候我会注明一下时间。

版权所有:
        http://www.pcsec.org
        BK瞬间群
感谢无敌小黄瓜的投递

原始代码可见http://hi.baidu.com/tr4c3/blog/item/da1c1c30c93da89ca9018e27.html
经过黄瓜修改代码，功能更加强大了，希望能给大家的渗透工作带来方便。
 

感谢无敌小黄瓜[BK瞬间群]的投递

Some Videos of Security.

If you enjoyed this upload, please share my linx everywhere!

ASPXshell MS08-067插件
感谢hi群众兄测试，附赠几个插件。。。

Neosploit是一款专门用于网络犯罪的黑客工具包，它可以被用来对网络浏览器以及苹果QuickTime和Adobe的Adobe Reader等流行的网络软件进行攻击。

Anehta -- 新一代的web攻击平台

CSSHttpRequest (CHR) is a method for cross-domain AJAX using CSS for transport.

Similar to JavaScript, this works because CSS is not subject to the same-origin policy that affects XMLHttpRequest. Like JSONP, CSSHttpRequest is limited to making GET requests. Unlike JSONP, untrusted third-party JavaScript cannot execute in the context of the calling page.

CSSHttpRequest (CHR) is a method for cross-domain AJAX using CSS for transport.

Similar to JavaScript, this works because CSS is not subject to the same-origin policy that affects XMLHttpRequest. Like JSONP, CSSHttpRequest is limited to making GET requests. Unlike JSONP, untrusted third-party JavaScript cannot execute in the context of the calling page.