Smart Testers List of Testing Tools

• Lightshot- with a single click we can easily drag a screenshot and save it. We always take screenshot and spend time in print screen and save on paint but with this tools it can our time and easily take screenshot of required area only.
• Speed Tracer:- Identification of the components which can be optimized on the page level to improve the loading time of the page.It gives the complete information of each file used in page with their loading time and can decrease the loading time by optimization of the page.
• Build Reactor:- Connectivity of Jenkins with Google chrome directly, we don't need to check the mails or Jenkins URL for checking the build status or any activity regarding CI this tool automatically give the status after any activity on Jenkins .
• User Agent Switcher:- With a single click we can set any browser for testing on different browsers in single browser.
• Check my links/ Link Cheker:- Links can be verified automatically on a page with the help of this tool.All the dead links can be find out without clicking each link manually.
• IE Tab:- In Google chrome , IE browser can be operated with all IE versions.
• Windows Resizer:- In single click we can Resize our window in any resolution for e.g. All smart phone screens and many others resolutions.
• URL Info:-Display the URL in several lines, so you can quickly check parameters and values.
• JavaScript Errors Notifier:Notifies JavaScript errors by icon in address bar or notification popup(optional) we don't need to check the JS error by ctrl+shift+J. We can easily notify the JS error and also open or clear the errors.
• Image Properties Context Menu: A simple context menu extension to show the properties of an image , just right click on any image and clicking on Menu we can get all the properties of the image.
• IP Address and Domain Information: The Ultimate online investigation tool! See detailed information about every IP Address, Domain Name and Provider by clicking the Icon on tool bar. No need to check any IP addres from google.
• Page Load Time: Display page load time in toolbar without any effort. we don't need to use any other page load time tool or no need to go in Firebug->Network-> measure the load time of page.
  
  
   
  Security / Penetration Testing Tools
  Test your sites and web applications and perform a security assessment/audit of your work with these handy tools:
  

  • Tamper Data : Use it to view and modify HTTP/HTTPS headers and post parameters, to trace and time http response/requests. You can security test web applications by modifying POST parameters.
  • HackBar: This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.
  • XSS Me: XSS-Me is used to test for reflected Cross-Site Scripting. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. The tool does not do port scanning, packet sniffing, password hacking or firewall attacks.
  • SQL Inject Me: SQL Inject Me is used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool sends database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.
  • Groundspeed
  • Groundspeed allows input validation testing from the top-down, starting at the web application interface level instead from the HTTP protocol. Some of the practical uses of groundspeed include changing hidden fields, select drop down lists and other fields into text fields, removing size and length limitations on input fields and modifying JavaScript event handlers to bypass client side validation without actually removing it.

  This is the free-community edition of the powerful Netsparker which still comes with a bunch of features and also false-positive-free. 1The application can detect SQL Injection + cross-site scripting issues. Once a scan is complete, it displays the solutions besides the issues and enables you to see the browser view and HTTP request/response.

  Websecurify is a very easy-to-use and open source tool which automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies. It can create simple reports (that can be exported into multiple formats) once ran. The tool is also multilingual and extensible with the add-on support.

  Wapiti is an open source and web-based tool that scans the web pages of the deployed web applications, looking for scripts and forms where it can inject data. It is built with Python and can detect:

  
  

  The free edition performs restricted-yet-still-powerful set of web security assessment checks compared to the paid versions of the application.

  It can check up to 100 web pages at once including web server and cross-site scripting checks.
   

  Scrawlr is a free software for scanning SQL injection vulnerabilities on your web applications. It is developed by HP Web Security Research Group in coordination with Microsoft Security Response Center.

  It is a plugin for Fiddler (the awesome HTTP debugging proxy) and works as a passive-analysis tool for HTTP-based web applications. Watcher runs silently in the background and interact with the web-application to apply 30+ tests (where new ones can be added) while you browse. It will identify issues like cross-domain form POSTs, dangerous context-switching between HTTP and HTTPS, etc.

  x5s is again a plugin for Fiddler just like Watcher which is designed to find encoding and character transformation issues that can lead to XSS vulnerability. It simply tests user-controlled input using special characters like <, >, ', and reviews how the output encodes the special characters.

  WebScarab is actually a proxy to sniff the HTTP(s) traffic and manipulate it. However, it comes with features like "parameter fuzzer (for testing XSS and SQL injection vulnerabilities), or "CRLF injection (HTTP response splitting)" and more.

  This is the free and limited-featured version of a paid/pro product. It performs a check on any website and identifies cross site scripting (XSS) vulnerabilities. And, if you are looking to improve yourself in the area of web application security and need to play with an application legally, there is DVWA (damn vulnerable web app.) which is there for just this purpose.

  
  Mind-Mapping / Flow-Charts / Work-flow / UI Prototype Designing Tools

  • Netsparker Community Edition (Windows)
  • Websecurify (Windows, Linux, Mac OS X)
  • Wapiti (Windows, Linux, Mac OS X)
  • File handling errors (Local and remote include/require, fopen, readfile…)
  • Database, XSS, LDAP and CRLF injections (HTTP response splitting, session fixation…)
  • Command execution detection (eval(), system(), passtru()…)
  • N-Stalker Free Version (Windows)
  • Scrawlr (Windows)
  • Watcher (Windows)
  • x5s (Windows)
  • WebScarab (Windows, Linux, Mac OS X)
  • Acunetix Free Version (Windows)
  • Draw.io: draw.io is a free online diagram drawing application for workflow, BPM, org charts, UML, ER, network diagrams. This can also be connected on Google Drive. It works directly on your browser.
  • Giffy: Professional-quality flowcharts, org charts, UML diagrams, network diagrams, wireframes, technical drawings and more. Gliffy works directly in your browser!
  • xMind: XMind is an open source project, which means it's free to download and free to use forever. XMind Plus/Pro with more professional features are also available. Millions of people use XMind to clarify thinking, manage complex information, run brainstorming and get work organized.

About the Author

Amit Agnihotri, Agile coacher, Scrum Master and Test Manager, located in India, view his LinkedIn profile.