[WEB SECURITY] [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 4 10:35:17 EDT 2011


On Thu, 04 Aug 2011 01:45:16 BST, Context IS - Disclosure said:
> CAT is a tool for manual web application penetration testing and includes t he following features:

Sounds at least potentially interesting.  A few questions:

> -          CAT uses Internet Explorer's rendering engine for accurate HTML representation

Is this optional/switchable?  Might be nice to *not* use the actual IE render
engine if you're working on serving up a client-side exploit via XSS - that would
be shooting yourself in the foot then. ;)

> -          MONO Support for Linux and OSX (Currently in Beta).

What render engine does it use for Linux/OSX? Or is this referring to using
MONO to talk from a Windows test box to a Linux/OSX target?

> -          It is totally free!

What license?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110804/ffb7d00d/attachment.sig>


More information about the websecurity mailing list