sQuo Posted February 10, 2012 Share Posted February 10, 2012 This is the hidden content, please Sign In or Sign Up WebSlayer is a tool designed for bruteforcing Web Applications, it can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. The tools has a payload generator and a easy and powerful results analyzer. The tool works with "payloads", and you must define where the payload must be inserted in the request. Once the payload is inserted the tool will generate all the request and then perform the attack. The results of the attacks will have a lot of information useful for the tester to sort the responses and make decisions. It was created to facilitate the task in Web Applications assessments, it's a tool by pentesters for pentesters ;) It's possible to perform attacks like: Predictable resource locator: it can find directories and scripts based on well known dictionaries, recursion supported Login forms brute force Session brute force Parameter brute force Parameter Injection (XSS, SQL, etc) Basic and Ntml Bruteforcing Some features are: Encodings: 15 encodings supported All parameters attack: the tool will inject the payload in every parameter Authentication: supports Ntml and Basic Multiple payloads: you can use 2 paylods in different parts Proxy support (authentication supported) For predictable resource location it has: Recursion, common extensions, non standard code detection Multiple filters for improving the performance and for producing cleaner results Live filters Threads Session export Integrated browser (webKit) Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, This is the hidden content, please Sign In or Sign Up ) How does it works? The tool is based on payloads, you choose where you want to bruteforce just by replacing the part of the URL or the POST by the keyword FUZZ. Features The power of Webslayer resides in the way you can work with the results, for every attack you will have all the responses, and for each ;request you will have: Html results Source code Headers And you will be able to filter an sort the results by: Return code Length Words Lines MD5 Regular expressions Also you can filter response with common errors in it (errors that we define), Webslayer will maintain all the attacks in the session so you can work with them, compare, check later, etc. This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Download ' First Beta version: This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Vlover Posted November 27, 2012 Share Posted November 27, 2012 Re: WebSlayer - The Web Bruteforcer nice software, and very helpful. Link to comment Share on other sites More sharing options...
Recommended Posts