OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
IPv6 CARE, "IPv6 Compliant Automatic Runtime Environment", provides an environment where applications instantly become IPv6-compliant ('patch' mode, see RFC6535). It can also generate a diagnosis about the IPv6 compliance of an application ('check' mode). It uses an LD_PRELOAD-based library injection technique.
PyMuTester is a tool to facilitate Mutant Testing (a.k.a. Mutant Analysis or Program Mutation) on software systems written in Python. Its main purpose is to assist you in improving your existing unit tests to cover missing checks and “loopholes” in your testing. It works by making small changes (technically known as mutants) to your Python application’s source code and re-running your unit tests over the mutated source code. Since the mutants usually go against the specifications, your unit tests should fail in such tests. If the unit tests still pass, then that is an indication that your unit tests might have missed some checks.
Kundo provides a structured, convention-based approach for Java builds. Kundo has a pluggable, extensible architecture; it harnesses the power and flexibility of Groovy and Ant to provide a highly configurable Java build framework. Kundo achieves this flexibility with a plug-in architecture that attaches behaviors (provided by Kundo plug-ins) to build lifecycle phases. Kundo consists of a kernel and a set of foundation plug-ins. The kernel is responsible for the orchestration of the multiple collaborators within the build system.
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize test cases), and for easy integration with UI testing harnesses.
Bunny the Fuzzer is a closed-loop, high-performance, general-purpose, protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data.