Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use.

The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this SecTor is making the audio of the talk available.

XSS-Me

Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.

• Download XSS-Me Now!
• XSS-Me 0.4 release notes
• Get the source
• Read the FAQ to find out more
• Extended XSS string set
• Known issues

SQL Inject-Me

SQL Injection vulnerabilites can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

• Download SQL Inject-Me Now!
• SQL Inject-Me 0.4 release notes
• Get the source
• Read the FAQ to find out more
• Known issues

Access-Me

Access vulnerabilites in an application can allow an attacker to access resources without being authenticated. Access-Me is the Exploit-Me tool used to test for Access vulnerabilities.

• Download Access-Me Now!
• Access-Me 0.2 release notes
• Get the source
• Learn to Hack Access Me to add evaluation code
• Read the FAQ to find out more
• Known issues