[WEB SECURITY] Need a Opensource tool for application scanning

firebits mrpa.security at gmail.com
Fri Jun 7 15:21:28 EDT 2013


My fork skyfallsec

https://bitbucket.org/skyfallsec

Slides

http://www.slideshare.net/firebits/skyfall-b-sidesc00led5sp2013

@firebitsbr


2013/6/7 Andreas Schmidt <webappsec at siberas.de>

>  Hi,
>
> you may also want to try WATOBO - THE Web Application Toolbox.
>
> WATOBO is a security tool for web applications. It is intended to enable
> security professionals to perform efficient (semi-automated) web
> application security audits.
>
> Most important features:
> * WATOBO has Session Management capabilities! You can define login scripts
> as well as logout signatures. So you don’t have to login manually each time
> you get logged out.
> * WATOBO can act as a transparent proxy (requires nfqueue)
> * WATOBO can perform vulnerability checks out of the box
> * WATOBO can perform checks on functions which are protected by
> Anti-CSRF-/One-Time-Tokens
> * WATOBO supports Inline De-/Encoding, so you don’t have to copy strings
> to a transcoder and back again. Just do it inside the request/response
> window with a simple mouse click.
> * WATOBO has smart filter functions, so you can find and navigate to the
> most interesting parts of the application easily.
> * WATOBO is written in (FX)Ruby and enables you to easily define your own
> checks
> * WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
> * WATOBO is free software (licensed under the GNU General Public License
> Version 2)
>
> Check out the online documentation and video tutorials at
> http://watobo.sourceforge.net
>
> regards,
>
> andy (author of watobo ;)
>
> Am 25.05.2013 00:13, schrieb Rohit Pitke:
>
>  Additionally, you can use Ratproxy and skipfish.
> If you are concerned about individual vulnerabilities, I would suggest
> sqlmap (for SQL injection), XSSRay (for XSS), Nikto (Directory Access)
>
>   ------------------------------
> *From:* Seba <seba at owasp.org>
> *To:* Muruganandam C <muruganandam.c at gmail.com>
> *Cc:* webappsec at securityfocus.com; pen-test at securityfocus.com; web
> security <websecurity at webappsec.org>
> *Sent:* Wednesday, May 22, 2013 11:48 PM
> *Subject:* Re: [WEB SECURITY] Need a Opensource tool for application
> scanning
>
>  Hi Muruganandam,
>
>  OWASP Zed Attack Proxy Project is the perfect tool for you.
> It has automated scanners as well as a set of tools that allow you to find
> security vulnerabilities manually.
>
>  more info & download on
> https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
>
>  regards
>
>  Seba
>
>
>
> On Thu, May 23, 2013 at 8:35 AM, Muruganandam C <muruganandam.c at gmail.com> wrote:
>
> Hi All,
>
> Could you please let me know about an application vulnerability scanning tool?
>
> Thanks
> Muruganandam
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org