Paolo Perego's avatar

You are behind a proxy. You can modify other data related to your profile by this link.

Paolo Perego's avatar

Paolo Perego


Member of the groups
Involved Projects and Packages

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.


Wfuzz has been created to facilitate the task in web applications assessments
and it is based on a simple concept: it replaces any reference to the FUZZ
keyword by the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected in any field of an HTTP
request, allowing to perform complex web security attacks in different web
application components such as: parameters, authentication, forms,
directories/files, headers, etc.

Wfuzz is more than a web content scanner:

* Wfuzz could help you to secure your web applications by finding and
exploiting web application vulnerabilities. Wfuzz’s web application
vulnerability scanner is supported by plugins.

* Wfuzz is a completely modular framework and makes it easy for even the newest
of Python developers to contribute. Building plugins is simple and takes
little more than a few minutes.

* Wfuzz exposes a simple language interface to the previous HTTP
requests/responses performed using Wfuzz or other tools, such as Burp. This
allows you to perform manual and semi-automatic tests with full context and
understanding of your actions, without relying on a web application scanner
underlying implementation.

It was created to facilitate the task in web applications assessments, it's a
tool by pentesters for pentesters ;)


WhatWeb fingerprints Web servers and Web applications. It can identify content
management systems (CMS), Web application frameworks, default pages for Web
servers, blogs, JavaScript libraries, and more.... Each time you visit a Web
site in your browser, the Web server leaks many hints about the software
delivering the Web page. WhatWeb recognizes these hints and reports what it
finds. WhatWeb has over 70 plugins. Plugins can identify systems with obvious
signs removed by looking for subtle clues. Plugins are flexible and can return
any datatype. For example, plugins can return version numbers, email addresses,
account IDs, and more


XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.


The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.


This projects provides new and updated packages for cryptography and privacy and their dependencies for maintained distribution versions of openSUSE and SLE.

Maintainer Bugowner

Zsh is a UNIX command interpreter (shell) that resembles the Korn shell
(ksh). It is not completely compatible. It includes many enhancements,
notably in the command-line editor, options for customizing its
behavior, file name globbing, features to make C-shell (csh) users feel
at home, and extra features drawn from tcsh (another `custom' shell).
Zsh is well known for its command line completion.

The Docker Bench for Security is a script that checks for dozens of common
best-practices around deploying Docker containers in production.

The tests are all automated, and are inspired by the CIS Docker 1.11.0 Benchmark.
( )

openSUSE Build Service is sponsored by