CAL9000 Web Application Security Testing Assistant
Unless you have one of these ... [JailCard] ... please only use this tool for testing your own applications or those that you have been authorized to test. See the Help file for browser restrictions.

CAL9000 is an OWASP tool and is one of the sponsored projects for the 2006 Autumn of Code.


CAL9000 v2.0, Copyright © 2006 Christopher Loomis
Distributed under the GNU General Public License
XSS Attack Library

Attack info from RSnake
Browser support: 
Code: 

Description: 

Filter: | Selected Text: | Clear:
Editor: 
Regex: / / Replace With:
Character Encoder/Decoder

Uppercase | Trailing Character: | Delimiter: | Include Unselected Text | Base64 Filler Chars:
Wrapper: | Apply:
Select Encoding Type: | Plain Text:
Select Decoding Type: | Encoded Text:
HTTP Requests

Load AutoAttack:
List:
Placeholder:

Quick Encode:
Method: | Auth: | User: | Password:
Add Request Header:
Add Browser Headers:
Add Method Headers:
Add Request Parameter: Name: | Value:
History: | Selected Text: | Clear:
HTTP Responses

Target URL (from Request):
Response Status:
Selected Text: | Clear:
Elements: | History:
Scratch Pad

Selected Text:
Cheat Sheets
Misc Tools

IP Encoder / Decoder

Set Dword level:

IP: | Dword: | Hex: | Octal:
Selected Text:

String Generator

String Length: | Character:
Selected Text:
Scroogle Search

Term:
Domain:

Advanced Operators: site:, filetype:, cache:, link:, related:, define:, inurl:, allinurl:, intitle:, allintitle:, intext:, allintext:
Testing Checklist

Testing Tips:
Tip Description:
Examples / Actions:
Checklist: (see the OWASP Testing Guide) | Results / Notes:
Editor: | Category: | Title:
Selected Text: | Clear:
AutoAttack List Editor

Attack Lists: 
Individual Item Display:
Attack List Workarea:
Item # of #:
List Editor: | List Name:
Item Editor: | Quick Encode:
Selected Text: | Clear: