[WEB SECURITY] [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

Context IS - Disclosure disclosure at contextis.co.uk
Tue Aug 9 05:34:53 EDT 2011

Under native Windows, CAT will only use IE to render the HTML.  I can see your point as to why you might not want to use IE and I will look into adding in a Gecko rendering option for the next version.
Under Mono it uses the Mono provided WebBrowser control, which rendering engine is used depends on the operating system's configuration e.g. Gecko or WebKit.  For more details see:

The license can be see here:


From: Valdis.Kletnieks at vt.edu [Valdis.Kletnieks at vt.edu]
Sent: 04 August 2011 15:35
To: Context IS - Disclosure
Cc: full-disclosure at lists.grok.org.uk; webappsec at securityfocus.com; websecurity at webappsec.org; owasp-all at lists.owasp.org
Subject: Re: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

On Thu, 04 Aug 2011 01:45:16 BST, Context IS - Disclosure said:
> CAT is a tool for manual web application penetration testing and includes t he following features:

Sounds at least potentially interesting.  A few questions:

> -          CAT uses Internet Explorer's rendering engine for accurate HTML representation

Is this optional/switchable?  Might be nice to *not* use the actual IE render
engine if you're working on serving up a client-side exploit via XSS - that would
be shooting yourself in the foot then. ;)

> -          MONO Support for Linux and OSX (Currently in Beta).

What render engine does it use for Linux/OSX? Or is this referring to using
MONO to talk from a Windows test box to a Linux/OSX target?

> -          It is totally free!

What license?

More information about the websecurity mailing list