WebFight v1.0 Beta - Automated Passive Web Analysis


Magno Logan

Oct 21, 2011, 10:16:50 PM
to Python Security
Source: http://www.vulnerabilitydatabase.com/2011/10/webfight-v1-0-beta-automated-web-passive-analysis/

I was at AppSec Latam 2011, and Wagner Elias released a tool named
WebFight. This tool uses a log parser of Burp and performs a series of

All requests and parameters to fuzz and data validation tests;
Show all files and JavaScript perform syntax analysis;
Show all Flash files, disassembled and grep potential vulnerabilities;
Analyze all headers and do a fingerprint;
Validate security headers (CSP, HSTS, X-Frame-Options);
Create the CSRF PoC for all requests;
And much more … Make your module …
PDF: OWASP AppSec Latam 2011 Talk (Portuguese) -
Download WebFight v1.0 Beta - http://code.google.com/p/webfight/

Thank you Wagner Elias, from Conviso Security Labs.


Magno Logan
OWASP Paraiba Chapter Leader