PWEB SUITE – Perl based web app penetration test tools

pWeb Suite (formerly known as pCrack Suite) is a set of Perl based penetration testing tools for web application vulnerability testing. This tool is brought to you by Douglas Berdeaux a.k.a Trevelyn who is the founder of WeakNet Laboratories and the developer of WEAKERTH4N Linux, a penetration testing distro aimed for wireless penetration testing and web pentesting. At first, pWeb Suite is only available for WEAKERTH4N Linux but then he decided to release it to the public for other pentesting distros, this happened when I sent him a message that I would like to try out the tools he just made for web pentesting which was featured in the SOLDIERX HDB. pWeb Suite version 1.0 can be downloaded at Google Code.


What’s inside?

Web Application Vuln Finding:
-HelLFiRE –  LFI Automation Tool
-LogInject0r – Code Injection Tool for Web Server Logs (LFi Attack)


-SMSI (SimplyMySQLi) – Simple Mysql Injector

-StrEncode – XSS String Encoding Tool

Mathematics / Hashes / Passwords:
Online Resources:

FileScope – Server Files Recon Tool

Wordlist Utilities:

The suite also includes a vulnerable code for Local File Inclusion =)



Next up, I will doing some tutorials for pWeb Suite. It will be available soon =)

Credit: Jay Turla is a Filipino security researcher, programming student, infosec enthusiast, open source advocate, and the blog manager of PenTest Laboratory. He is interested in Linux, OpenVMS, penetration testing and vulnerability assessment. He is one of the core team members of The ProjectX Blog and one of the bloggers and goons of ROOTCON (Philippine Hackers Conference).You can follow his tweets

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s