IronWASP: Web Application penetration testing tools – Penetration Testing in Linux

IronWASP — excellent web application advanced security testing platform. It is an open source for testing Web application vulnerabilities. This tool is very simple to use, but if you have python or ruby programming knowledge, you can create custom scanning plugin for IronWASP.
Another big advantage of this tool is that it uses a variety of external libraries, to make it more powerful, including what external libraries:
+ FiddleCore
+ IronPython
+ IronRuby
+ Jint
+ System.Data.SQLite
+ Html Agility Pack
+ ICSharpCode.TextEditor
+ Json.NET
+ Diffplex
+ jsbeautifylib
+ Diff.cs
You can download IronWASP here.

After the download is installed, open the folder IronWASP application, the folder also comes with a demo application, the tool can be used to have a preliminary understanding. Open IronWASP folder DemoAPP, began to set the port, after set up, click “Start server” button, and how the local host IP in the browser: port number, you can view the demo application in the browser.

The tool has two different scan modes. This tool has a valid crawlers, after that it scan all link on target for detecting vulnerability.

Click “start scan” button, the tool will begin to crawl the site, and targeted sites to find loopholes. Once detected, Vulnerability, depending on the impact, divided into high, medium and low grade

Another feature of this tool is that you can disable or start the plug Scan Settings tab, and disable or enable the right-click on the plug-in can be enabled and disabled

The tool also has a feature that it has a python and ruby shell scripting language support, users can write their own fuzz testing tools, Create a custom scan request, the log analysis. In this tool, there are two types of plug-ins, one is passive, the other one is referred to you as plug-ins. Usually this plug passive tool for analysis and modification, in order to find loopholes, such as scanning for sql injection and cross-site scripting vulnerability. Also has its own plug-in session, according to the types of sites we scan to use because the site will always be some changes, these changes are not automatically Scanner Capture, penetration testers can test positive by other plug-ins can be manually edited.

Javascript static analysis

JavaScript Static analysis can be used to find DOM-based XSS. The tool also has other tools, such as an encoder/decoder.

The post IronWASP: Web Application penetration testing tools appeared first on Penetration Testing in Linux.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair /  Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair /  Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )


Conectando a %s