Saturday 18 August 2012

Security-Shell Tools

BBQSQL - Blind SQL Injection Exploitation Tool

BBQSQL is a SQL injection framework specifically designed to be hyper fast, database agnostic, easy to set up, and easy to modify. The tool is extremely effective at exploiting a particular type of SQL injection flaw known as blind/semi-blind SQL injection. When doing application security assessments we often uncover SQL vulnerabilities that are difficult to exploit.

While current tools have an enormous amount of capability, when you can't seem to get them to work you are out of luck. We frequently end up writing custom scripts to help aid in the tricky data extraction, but a lot of time is invested in developing, testing and debugging these scripts.


BBQSQL helps automate the process of exploiting tricky blind SQL injection. We developed a very easy UI to help you set up all the requirements for your particular vulnerability and provide real-time configuration checking to make sure your data looks right. On top of being easy to use, it was designed using the event-driven concurrency provided by Python's gevent. This allows BBQSQL to run much faster than existing single/multithreaded applications.


Download: https://github.com 

Blazer - AMF Testing Made Easy
Blazer is a custom AMF message generator with fuzzing capabilities, developed as a Burp Suite plugin. It is designed and implemented to make AMF testing easy, and yet allows researchers to fully control the entire security testing process. Using Blazer, testing AMF-based applications is easier and more robust. As it is highly integrated in a well-known testing suite, web security practitioners can start to use the tool with minimal setup in a few seconds.

Features

- Automatic Java objects generation from method signatures via Java reflection and "best-fit" heuristics
- Fuzzing capabilities, with customizable data pools and attack vectors
- Ability to start, pause, restore and stop testing
- Easy-to-use internal methods to construct custom AMF messages
- Embedded BeanShell for manual testing
- Highly integrated in Burp Suite
- Support for Java server-side remoting technologies

Download: http://code.google.com

Video demo usage: http://vimeo.com

Updates: AccessChk v5.1, Autoruns v11.33, Coreinfo v3.05, Whois v1.1

AccessChk v5.1: This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor flags, and checks for remote interactive logon rights.

Autoruns v11.33: This fixes a bug that caused the run as administrator elevation to fail if Autoruns was started from a path with spaces.

Coreinfo v3.05: Coreinfo, a tool that shows CPU features, cache sizes, and topology, now correctly shows hyperthreading support on AMD multicore systems and lists processor features on Windows XP.

Whois v1.1: Whois is a command-line utility that looks up domain name registration information. This release fixes a bug that could cause an infinite loop and adds a command-line option, -v, that prints verbose information about domain registration referrals.

HTExploit - HiperText access Exploit
HTExploit Bypassing .htaccess Restrictions 

HTExploit is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process. The tool provides modularity, allowing the tester to fully analyse the protected website for the following attacks:

- SQL Injection
- Local File Inclusion
- Remote File Inclusion
- more...



Download: http://www.mkit.com.ar

BlackHat Slides: https://media.blackhat.com

OWASP Xelenium - XSS Scanner

Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in a web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java Swing.

Xelenium has been designed so that it needs very few inputs from users in the process of discovering bugs.
The current version helps the user identify the Cross Site Scripting (XSS) threats present in the web application. In subsequent versions, Xelenium will be enhanced so that it can identify the other leading threats.


Download: http://sourceforge.net/projects/xeleniumsecurit/

Metasploit v.4.4 Released

Metasploit 4.4 has had 101 modules added since Metasploit 4.3: 68 exploits, 22 auxiliary modules, 9 post modules, 1 payload, and 1 encoder. Metasploit Pro now features enhanced vulnerability verification, extended anti-virus evasion techniques for compromised hosts, and an array of back-end performance enhancements.

Notable new modules that have been added since Metasploit 4.3 include modules for auditing CCTV systems, Windows PowerShell post modules, fuzzed Citrix opcode exploits, a MySQL authentication bypass, a Microsoft XML Core Services exploit, a Windows Group Policy Preference password-gathering post module, an F5 BIG-IP known public key authenticator, and many, many more.

In addition, Metasploit's Meterpreter has also seen significant improvements with this release, with a new encrypted Java Meterpreter, extended sniffing capabilities, and VC 2010 compatibility for Windows Meterpreter. 


The 2012 Web Application Scanner Benchmark has been Published!
Feeling your morning boredom reach its peak? Need some juicy stuff to spice things up?

Will a contest suffice?

How would you like to see a comparison that covers the vast majority of aspects of numerous web application scanners, and furthermore, even contains a price vs. feature comparison for all the products?

Well, it might just be your lucky day, since the 2012 benchmark was just published, and currently covers the following subjects:



· Price & Feature Comparison (New!)
· Scanner Versatility Score (New!)
· Path Traversal/LFI Detection Accuracy (New! - 824 test cases!)
· Remote File Inclusion Detection Accuracy (New! - 114 test cases!)
· SQL Injection Detection Accuracy - Updated
· Cross Site Scripting Detection Accuracy - Updated
· Audit Feature Comparison - Updated
· WIVET score for scanners with crawling features (New!)
· Scanner Adaptability, Authentication, and a variety of other comparisons
· New Products!
· A step by step guide for how to select the best scanner for each task.


The benchmark can be accessed through the following address:
http://sectooladdict.blogspot.co.il

The benchmark statistics can be viewed in greater detail in sectoolmarket:
http://sectoolmarket.com

WS-Attacker v.1.1 Released
A Modular Framework for Web Services Penetration Testing

WS-Attacker is a modular framework for web services penetration testing. It is a free and easy-to-use software solution, which provides an all-in-one security checking interface with only a few clicks.

Added XML Signature Wrapping Plugin:
- Technique for automatically attacking XML Signature protected Web Services
- Just set the endpoint and follow the instructions on the Plugin Config screen

Framework Changes:
- Options Window is now Scrollable
- Some minor changes.

Download: http://sourceforge.net


Microsoft Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15 and RAMMap v1.2

Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.

Process Explorer v15.21: This update fixes a bug related to the autostart functionality introduced in v15.2, a tooltip display bug, and a bug that prevented display of kernel stacks.

Process Monitor v3.02: This release fixes an external logging issue that prevented certain registry paths from displaying correctly when run with App-V and fixes a bug in the save logic.

PsKill v1.15: This fixes a bug in the remote kill functionality introduced by the v1.14 update.  

RAMMap v1.2: This release of RAMMap, a utility that displays a detailed map of a system's physical memory usage, now supports systems with more than 16GB of RAM and Windows 8, and includes keyboard navigation improvements.
 


Web Application Penetration testing with Google Chrome Browser
Just found some interesting and useful extensions that can help many of us when we are doing a penetration test...

XSS Rays

Complete XSS reversing/scanner tool. Find out how a site is filtering code, check for injections and inspect objects.
XSS Rays is a security tool to help pen test large web sites. Its core features include an XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will blackbox reverse an XSS filter without needing the source code.

Google Hack Data Base

Google Hack Data Base - an application to work with the GHDB. Choose a category and click on the query you need. To find a description of the vulnerability, click "Search on www.exploit-db.com". The application also lets you search for vulnerabilities on a specified site: just click on the search button and enter the site name. This application helps build a better understanding of the basics of web security.

Websecurify Scanner

Websecurify is a powerful cross-platform web security testing technology designed from the ground up with simplicity in mind.
Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues. Websecurify saves you time and money by automating a tiresome and very technical process used by experts to find scary security vulnerabilities.

HPP Finder

Detect potential HPP attack vectors.
HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible to parameter pollution, but it is not a complete solution against HPP.

Form Fuzzer

HTML form fuzz tester.
This is a fuzz-testing utility created to assist in populating web forms with random data.

Site Spider

Website Crawler
Use this extension to spider a website looking for dead links. One can restrict the spidering to a directory, a domain, or any other regular expression. The spider can also follow one link beyond this restriction, allowing one to find broken external links.


XSS ChEF

Chrome Extension Exploitation Framework
This is a Chrome Extension Exploitation Framework - think BeEF for Chrome extensions. Whenever you encounter an XSS vulnerability in a Chrome extension, ChEF will ease the exploitation.


Updates: Autoruns v11.3, LiveKd v5.2 and Strings v2.5
Autoruns v11.3: This update to Autoruns, a utility that shows the executables, drivers, and DLLs configured to autostart, adds several new autostart locations, sets a file association for its log file extension, reports the target of Rundll32 and other host executables, and fixes several bugs.

LiveKd v5.2: LiveKd, a command-line utility for performing live read-only debugging of the local system and virtual machines, now includes an option that has it generate a fully-consistent kernel dump file of a running system.

Strings v2.5: Strings, a command-line utility that dumps a file's printable UNICODE and ASCII strings, adds an option to specify the starting offset in the file from where it will scan for strings.

WebVulScan - Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.
After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited. 

The vulnerabilities tested by WebVulScan are:
  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • Standard SQL Injection
  • Broken Authentication using SQL Injection
  • Autocomplete Enabled on Password Fields
  • Potentially Insecure Direct Object References
  • Directory Listing Enabled
  • HTTP Banner Disclosure
  • SSL Certificate not Trusted
  • Unvalidated Redirects

Features:
  • Crawler: Crawls a website to identify and display all URLs belonging to the website.
  • Scanner: Crawls a website and scans all URLs found for vulnerabilities.
  • Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
  • Register: Allows a user to register with the web application.
  • Login: Allows a user to log in to the web application.
  • Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
  • PDF Generation: Dynamically generates a detailed PDF report.
  • Report Delivery: The PDF report is emailed to the user as an attachment. 
Download: http://code.google.com


PS: installed and tested it on XAMPP, works fine :)

sqlcake v.1.1 Released

Automatic SQL injection and database information gathering tool.

An automatic database-dump and interactive SQL shell tool: it dumps the current database structure, including tables and columns, and then turns into an interactive MySQL prompt with extra features.

- sqlcake is an automatic SQL injection exploitation kit written in Ruby. It's designed for system administration and penetration testing.
- sqlcake offers a few useful functions to gather database information easily via SQL injection.
- sqlcake also allows you to bypass magic quotes, dump tables and columns, and gives you the possibility to run an interactive MySQL shell.
- sqlcake supports union stacked queries for very fast processing and blind injections with logarithmic techniques for saving time.



Download: http://sourceforge.net

SQLSentinel v.0.1
Open-source tool for SQL injection security testing

SQLSentinel is an open-source tool that automates the process of finding SQL injection flaws on a website. SQLSentinel includes a web spider and an SQL error finder. You give it a site as input and SQLSentinel crawls it and tries to exploit parameter-validation errors for you. When the job is finished, it can generate a PDF report which contains the vulnerable URLs found and the URLs crawled.

Download: http://sourceforge.net

Updates: NotMyFault, Process Monitor v3.01 and TestLimit v5.2
NotMyFault: Notmyfault is a tool used in the Windows Internals books to show how common device driver bugs affect a system. This update includes numerous enhancements contributed by Dan Pearson, including new crash types, a revamped user interface, and reporting of the amount of pool it has leaked.

Process Monitor v3.01: This update to Process Monitor, a real-time file, registry, process and network monitor, adds decoding of several new Windows 8 file system control codes, including offload read and write, and now obtains image version information for 32-bit DLLs when run on 64-bit Windows.

TestLimit v5.2: Testlimit, a demonstration tool used in the Windows Internals books to illustrate resource usage concepts, has minor enhancements including filling memory that it allocates with an identifiable string.

source: http://blogs.technet.com

RAFT - Response Analysis and Further Testing Tool
RAFT is a testing tool for the identification of vulnerabilities in web applications. RAFT is a suite of tools that utilize common shared elements to make testing and analysis easier. The tool provides visibility into areas that other tools do not, such as various forms of client-side storage.



RAFT is written in Python and PyQT. This is done so that the application can be multiplatform. 
 
Requires Python 2.6.5 and above (Python 3 is not supported), plus:
- lxml
- PyQT
- QScintilla

Download and more info: http://code.google.com/p/raft

Blackbox DOM-based XSS Scanner
Introduction:
Ra.2 - Blackbox DOM-based XSS Scanner is our approach towards finding a solution to the problem of detecting DOM-based Cross-Site Scripting vulnerabilities in web applications automatically, effectively and fast. Ra.2 is basically a lightweight Mozilla Firefox add-on that uses a very simple yet effective and unique approach to detect most DOM-based XSS vulnerabilities, if not all.


Being a browser add-on, it is a session-aware tool which can scan a web application that requires authentication. Ra.2 uses a custom-collected list of XSS vectors which has been heavily modified to be compatible with its scanning technology. The add-on also implements basic browser instrumentation to simulate human interaction in order to trigger some hard-to-detect DOM-based XSS conditions.

Download: http://code.google.com

Enema v.1.6 SQL Injection Tool Released
Enema is not auto-hacking software. It is a dynamic tool for people who know what to do. Old database versions (e.g. MySQL 4.x) are not supported; development targets modern versions.


Features:
1. Multi-platform.
2. User-friendly graphical interface.
3. Multithreaded.
4. Dump.
5. Customise your queries.
6. Plugins to automate attacks.

Supported for today:
1. POST, GET, Cookies
2. MSSQL >= 2000 and MySQL >= 5.0

Injection methods supported:
1. Error-based injection.
2. Union-based injection (using subquery).
3. Blind time-based injection: MSSQL (waitfor), MySQL (sleep)

OWASP iGoat v1.2 Released
iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.
As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:

1 - Brief introduction to the problem.
2 - Verify the problem by exploiting it.
3 - Brief description of available remediations to the problem.
4 - Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers.

Download: http://code.google.com

Ultimate Obsolete File Detection - An OWASP ZAP Plugin for Advanced Resource Detection

During a penetration test, testers often need to combine dictionary attacks (via tools such as Dirbuster), crawling tools (in order to get the list of application files) and obsolete file detection features (such as scanner plug-ins) in order to efficiently detect obsolete & hidden files... resulting in a time-consuming process which isn't as comprehensive as it should be.

That's the issue that the ZAP UOFD plug-in attempts to resolve (don't try and pronounce it, for your own good).

OWASP ZAP proxy can serve as a great framework for hidden file detection, since it learns the structure of the application entry points (as long as it is used during the penetration test), and since Dirbuster is already built in... and now the missing component is available as well: a great obsolete/hidden file detection plug-in.

This is the first of three OWASP ZAP plug-ins which will be released by Hacktics (Ernst & Young ASC) this year. The plug-in uses ZAP's built-in Dirbuster engine to locate obsolete/hidden files, while relying on Dirbuster's improved entry point identification features. The plug-in is imported as an active scan plugin, and supports the following obsolete / hidden file detection methods:

- Customizable extensions - a predefined list of customizable extensions which are tested on each file in ZAP's URL tree (both appended to the original extension and replacing the original extension).
- Prefixes & Suffixes - append customizable prefixes & suffixes to the filename (prior to the extension), including incremental digits and customizable strings.
- Intelligent structure detection - an intelligent numeric structure detection & increment pattern, used to locate hidden files with incremental names.
- Test method unification - after performing each test individually, the plug-in combines the methods and performs the different tests on the potential URLs generated by the other tests (for example, adding an incremental suffix to a potential obsolete extension).
- Configuration - a customizable list of extensions to ignore, timeout support and other restrictions.


