Framework Tools - WebSleuth
WebSleuth is an early Alpha release of what will be the first tool of the black-box testing toolkit,
and is built to help a user manually understand various
security issues of his or her system. It is not intended to
replace or compete with commercial tools, and there is
certainly no shiny red button for automating attacks. It
is, however, an investigative learning tool that, with some patience and
knowledge, helps you find and learn about issues you may
have in your web applications. It is written to allow people to code plug-ins for specific issues, and this release has a form validation plug-in as a demonstration.
We currently have plug-ins for SQL Injection being developed by Chip Andrews from SQLSecurity.com, and Session ID prediction being developed by Dave Endler from iDefense.com.
WebSleuth allows you to edit HTTP and HTML requests on the fly
in real-time.
The first release implements many features, including the
ability to test for:
Parameter Manipulation
  Cookies
  Form Fields
  URL Query Strings
  HTTP Headers (referrer, etc.)
Informational
  Comments
  Meta Tags
Input Validation
  Cross Site Scripting
  Client-Side Validation
WebSleuth Screenshot
Download
WebSleuth v1.10 Alpha:
Installer Package (1.9mb)
websleuth_installer.zip
*Download the Installer Package if you are installing for the first time or do not have
the Visual Basic DLLs.
WebSleuth v1.10 Alpha
.exe and source file (94k)
websleuth.zip
*Download the .exe if you are updating from a previous release.
WebSleuth is open source and is subject to the OWASP Software
license. It was written in Visual Basic to take advantage of
the MS Internet Explorer object, avoiding the need for a reverse
proxy. The lead developer is David Zimmer, who can be contacted at
dizzie@owasp.org.
As with any open source project, we welcome your ideas, input
and improvements. To suggest features or to participate in
developing the tool, please email owasp@owasp.org
and dzzie@owasp.org.
If you are interested in sponsoring the further development of
this open source project, please contact owasp@owasp.org.