AttackAPI
published: August 26th, 2006
partners:
AttackAPI provides simple and intuitive programmable interface for composing attack vectors with JavaScript and other client and server related technologies. This is the 2.x branch which among other improvements introduces better interaction with the attack subroutines.
AttackAPI is standard part of many public and private security related projects hosted on GNUCITIZEN and other organizations. This library may be treated as open source (GPLv2) project. As such, feel free to extend upon it. Keep in mind, that AttackAPI may only be used for experimental and demonstration purposes. GNUCITIZEN disclaims any responsibility for your own actions.
trackbacks
- Depressive Developer » F?hr! Mich! Aus!
- Johannes Gumbel [Pentestare] : XSS blir ett allvarligt hot
- GNUCITIZEN » AttackAPI 0.8 is OUT
- Talk at 0sec at Disenchant’s Blog
- Operation n » Blog Archive » JSScanner
- AttackAPI 0.8 JavaScript Hacking Suite Available »
- Depressive Developer » Backframe und AttackAPI installieren und nutzen
- Operation n » Hacking with Images 1
- AttackAPI 2.0 Alpha - JavaScript Hacking Suite »
- The Security Catalyst » Blog Archive » Web App Security: Comparing and contrasting Black Box, White Box, Fault Injection, and SCA
- Web App Security: Comparing and contrasting Black Box, White Box, Fault Injection, and SCA - QuietMove
- 2007 Security Testing tools in review | tssci security
comments
i’d like to test this api
sure, give it a go. If you find any problems with it please post them here. Thanks.
I’m really banking alot of the future of web application security on XSS, As in i’m staking my career on it. Sure BUffer overflows are still gonna exist and teh skillz are requisite but xss is the future and any hacker worth his salt should know about this. thanks Mr pdp, you are an invaluable resource/person. Big Up.
pdp, I really like your library so far, helped me a _LOT_ developing my own stuff. At the moment I am pretty much stuck here with a problem regarding execution of an AttackApi script in an IE 6 environment. Is there anything like a chat or forum which can be used for problems like this (I’d rather do it this way than posting it to code.google.com, as I am not sure if this really is an issue or simply stupidity of me). I’d really like to see a AttackAPI community out there..:)
rootkid, I’ve created AttackAPI Google group. Feel free to post your stuff there. I would like to build community around the library too since V3 looks very promising in terms of new features. I am not sure whether I discussed this thing somewhere else, but AttackAPIv3 has features to export the most basic set of requirements for each attack payload.