Platform Independent Petri Net Editor (PIPE) creates and analyses Petri Nets quickly, efficiently, and effectively. A key design feature is the modular approach adopted for analysis, enabling new modules to be written easily and powerfully, using built-in data layer methods for standard calculations. Six analysis modules are provided, including Invariant Analysis, State-Space Analysis (deadlock, etc.), and Simulation Analysis and Classification. PIPE adheres to the XML Petri net standard (PNML). The file format for saving and loading Petri Nets is extensible through the use of XSLT, the default being PNML.
Burp intruder is a tool that facilitates automated attacks against Web-enabled applications. It is highly configurable and can test for common Web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows, and directory traversal as well as performing brute force attacks against authentication schemes, enumeration, parameter manipulation, trawling for hidden content and functionality, session token sequencing and session hijacking, data mining, concurrency attacks, and application-layer denial-of-service attacks.
Oink is a collaboration of backends for the Elsa C and C++ frontend. It aims to be industrial-strength for immediate utility in finding bugs, extensible for ease in adding backends, and composable for ease in combining existing ones. It computes expression-level and type-level data flow, and statement-level intra-procedural control flow (by delegating to Elsa). It's easy to get started by using the two demo backends that print graphs of these flows. It also comes with a client of the data flow analysis that does type qualifier inference: Cqual++, a C/C++ frontend for Cqual. Whole-program analyses may be attempted using the linker imitator.
ACL2 is a mathematical logic, programming language, and mechanical theorem prover based on the applicative subset of Common Lisp. It is an "industrial-strength" version of the NQTHM or Boyer/Moore theorem prover, and has been used for the formal verification of commercial microprocessors, the Java Virtual Machine, interesting algorithms, and so forth.
Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyse, attack, and exploit Web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another. Numerous interfaces are implemented between the different tools, designed to facilitate and speed up the process of attacking a Web application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting, and extensibility. Burp suite is extensible via the IBurpExtender interface.
Bunny the Fuzzer is a closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data.
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.