Security Compass is pleased to announce the release of the free Exploit-Me series of application penetration testing tools at SecTor.

The toolset is made specifically for security consultants, developers and QA staff to facilitate testing of applications. The Exploit-Me series of tools are plug-ins to Firefox that allow for easy "right-click" style parameter fuzzing for web applications.

Included in the Exploit-Me series are:

SQL Inject-Me - Point to any HTML field in your Firefox browser and
try to inject it with an individual SQL injection payload or
multiple-payloads via fuzzing by simply right clicking on the field
and selecting "SQL-Inject Me".

XSS-Me - As with SQL-Inject me, point to any field on an HTML document
and attempt to perform Cross-site scripting by right-clicking and
choosing "XSS-Me".

Web Service Exploit-Me - Enter a valid WSDL location and try fuzzing
various parameters in a simple-to-use HTML interface in Firefox using
Web Service Exploit-Me. The interface will also allow for you to
attempt SQL-Injection and XSS through web services.

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS) vulnerabilities.

SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.