[WEB SECURITY] Need a Opensource tool for application scanning

Andreas Schmidt webappsec at siberas.de
Fri Jun 7 09:56:06 EDT 2013


Hi,

you may also want to try WATOBO - THE Web Application Toolbox.

WATOBO is a security tool for web applications. It is intended to enable
security professionals to perform efficient (semi-automated) web
application security audits.

Most important features:
* WATOBO has Session Management capabilities! You can define login
scripts as well as logout signatures. So you don't have to log in
manually each time you get logged out.
* WATOBO can act as a transparent proxy (requires nfqueue)
* WATOBO can perform vulnerability checks out of the box
* WATOBO can perform checks on functions which are protected by
Anti-CSRF-/One-Time-Tokens
* WATOBO supports Inline De-/Encoding, so you don't have to copy strings
to a transcoder and back again. Just do it inside the request/response
window with a simple mouse click.
* WATOBO has smart filter functions, so you can find and navigate to the
most interesting parts of the application easily.
* WATOBO is written in (FX)Ruby and enables you to easily define your
own checks
* WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
* WATOBO is free software (licensed under the GNU General Public
License Version 2)

Check out the online documentation and video tutorials at
http://watobo.sourceforge.net

regards,

andy (author of watobo ;)

On 25.05.2013 00:13, Rohit Pitke wrote:
> Additionally, you can use Ratproxy and skipfish.
> If you are concerned about individual vulnerabilities, I would suggest
> sqlmap (for SQL injection), XSSRay (for XSS), Nikto (Directory Access) 
>
> ------------------------------------------------------------------------
> *From:* Seba <seba at owasp.org>
> *To:* Muruganandam C <muruganandam.c at gmail.com>
> *Cc:* webappsec at securityfocus.com; pen-test at securityfocus.com; web
> security <websecurity at webappsec.org>
> *Sent:* Wednesday, May 22, 2013 11:48 PM
> *Subject:* Re: [WEB SECURITY] Need a Opensource tool for application
> scanning
>
> Hi Muruganandam,
>
> OWASP Zed Attack Proxy Project is the perfect tool for you.
> It has automated scanners as well as a set of tools that allow you to
> find security vulnerabilities manually. 
>
> more info & download
> on https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
>
> regards
>
> Seba
>
>
>
> On Thu, May 23, 2013 at 8:35 AM, Muruganandam C
> <muruganandam.c at gmail.com> wrote:
>
>     Hi All,
>
>     could you please let me know about application vulnerability
>     scanning tool.
>
>     Thanks
>     Muruganandam
>
>     _______________________________________________
>     The Web Security Mailing List
>
>     WebSecurity RSS Feed
>     http://www.webappsec.org/rss/websecurity.rss
>
>     Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>     WASC on Twitter
>     http://twitter.com/wascupdates
>
>     websecurity at lists.webappsec.org
>     <mailto:websecurity at lists.webappsec.org>
>     http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
