Deutsche Version (DE_DE)
English version (EN_US)
PenTestToolset in Detail
The Web Security Toolset is a powerful set of tools that can be used to audit any web application. The main intent of developing this toolkit was to provide the network security administrators with a comprehensive set of Web Application Security Tools.
It currently consists of thirteen tools:
Tools detailed:
Web Fuzzer
The Web Fuzzer is a powerful tool that attempts to discover security vulnerabilities by sending random input to a web application. If the program contains a vulnerability that can lead to an exception, crash or server error (in the case of web apps), it can be determined that a vulnerability has been discovered. Fuzzers are often termed Fault Injectors for this reason, they generate faults and send them to an application. Generally fuzzers are good at finding buffer overflow, DoS, SQL Injection, XSS, and Format String bugs.
Injection Browser
The Injection Browser is a tool to aid in testing for Cross-Site Scripting while using the integrated browsing tool. You just need to surf your web application and the Injection Browser will send several attacks strings to every found form.
MD5 Searcher
The MD5 Searcher is a search interface for several online MD5 hash databases. Usually most of the used passwords or usernames which are encrypted with MD5, were already reverse engineered and stored on several online databases. Figure out how weak your encrypted username or password might be or if it has been already reverse engineered.
Authentication Tester
The Authentication Tester is used for a dictionary attack against your web application. The Authentication Tester is compatible to basic and form-based authentication. At this stage we support more then 100*3000 password combinations. Figure out how weak your username or password might be.
Database Extractor
The Database Extractor is a very powerful automated database data extraction tool where you can make manual tests to test further a website for SQL injections. The tool is also be able to enumerate databases, tables, dump data and also read specific files on the file system of the web
server if a SQL injection is found.
Webserver Information Catcher
The Webserver Information Catcher will display the response header of the server and the web server software. Therefore in can be used to enumerate webserver information.
HTTP Proxy / Sniffer
The HTTP Proxy / Sniffer acts as a proxy and allows you to capture, examine and modify HTTP traffic between an HTTP client and a web server. You can also enable, add or edit traps to trap traffic before it is sent to the web server or back to the web client.
Custom Request
The Custom Request Tool allows you to create custom HTTP requests and debug HTTP requests and responses. The tool is compatible to basic and cookie based authentication.
String Encoder
The String Encoder Tool is a tool that performs en- and decoding of text and url's. It simply takes the input as a byte array or as a text and transforms it to another format, which can be also a byte array or a text. The Encoder Tool is shipped with an implementation of some common encoding algorithms like MD5, Percentage, UTF8 Percentage, Ampercent, Escape etc..
Regular Expression Tester
Regular Expression Tester offers developers functions for testing their regular expressions. The tool includes options like case sensitive, global and multiline search, color highlighting of found expressions and of special characters, a replacement function incl. back references, auto-closing of brackets, testing while writing and saving and managing of expressions.
Subdomain Scanner
The Subdomain Scanner allows fast and easy identification of active Sub domains in a DNS zone using various techniques and guessing of common
sub domain names. The Subdomain Scanner can be configured to use the target’s DNS server, or one specified by the user for flexibility
Webserver Finder
The Webserver Finder is a port scanner that allows you to locate open web server ports (port 80, 443) within a given range of IP addresses. If a web server is found to be running, the scanner will also display the response header of the server and the web server software. The port numbers to scan for are configurable.
Port Scanner
The Port Scanner is a simple and easy to use TCP security port scanner to analyze complete IP-ranges and any hosts with all of the different services started on them.
