Rich tools for instrumenting, analyzing, and visualizing web apps.
Catches mail and serves it through a dream.
MailCatcher runs a super simple SMTP server which catches any message sent to it to display in a web interface.
Record your test suite's HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests.
Zombie.js is a lightweight framework for testing client-side JavaScript code in a simulated environment. No browser required.
A scriptable browser for Web developers
A CLI tool for detecting frontend SPOF, mainly blocking scripts and CSS
Vaurien is basically a Chaos Monkey for your TCP connections. Vaurien acts as a proxy between your application and any backend.
You can use it in your functional tests or even on a real deployment through the command-line.
Set of tools for testing with older or newer IE browsers
A debugger for RESTful web services.
Hurl.it makes HTTP requests.
Choose the request method, customize headers and POST parameters, add basic authorization or OAuth credentials, and even follow redirects. Then view the nicely formatted request and response.
It's the perfect tool for testing APIs. Just enter a URL and click send.
Testing an HTTP Library can become difficult sometimes. PostBin.org is fantastic for testing POST requests, but not much else. This exists to cover all kinds of HTTP scenarios. Additional endpoints are being considered (e.g. /deflate). All endpoint responses are JSON-encoded.
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
ghost.py is a webkit web client written in python.
This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
Sitespeed.io is an open source tool that helps you analyze and optimize your website speed and performance based on performance best practices. It collects data from multiple pages on your website, analyze the pages using performance best practices rules and output the result as HTML-files or JUnit XML.
PhantomJS is a headless WebKit with JavaScript API. It has fast and native support for various web standards: DOM handling, CSS selector, JSON, Canvas, and SVG.
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target.
A Python Mocking and Patching Library for Testing
Mink is an open source acceptance test framework for web applications, written in PHP 5.3.