OWASP/Training/OWASP Webslayer Project

Revision as of 08:21, 23 November 2010 by Sandra Paiva

Overview & Goal
WebSlayer is a tool designed for brute-forcing web applications. It can be used to find unlinked resources (directories, servlets, scripts, etc.), brute-force GET and POST parameters, brute-force form parameters (user/password), perform fuzzing, etc.

The tool has a payload generator and an easy-to-use, powerful results analyzer.

Contents Materials

Some features are:

  • Encodings: 15 encodings supported
  • All parameters attack: the tool will inject the payload in every parameter (headers, GET, POST)
  • Authentication: WebSlayer supports NTLM and Basic authentication; you can also brute-force the authentication
  • Multiple payloads: you can use 2 payloads in different parts
  • Proxy support (authentication supported)
  • Live filters: You can change the filters as the attack is taking place
  • Multiple threads: You can set how many threads to use in the attack
  • Session import/export: Allows you to save the session and to continue working with the results
  • Integrated web browser: a full-fledged WebKit browser is included to analyze the results
  • Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org)
  • Payload Generator (custom payload generator)