WebFight v1.0 Beta - Automated Passive Web Analysis

Magno Logan

Oct 21, 2011, 10:16:50 PM
to Python Security
Source: http://www.vulnerabilitydatabase.com/2011/10/webfight-v1-0-beta-automated-web-passive-analysis/

I was at AppSec Latam 2011, and Wagner Elias released a tool named
WebFight. This tool uses a Burp log parser and performs a series of
tests.

All requests and parameters to fuzz and data validation tests;
Show all files and JavaScript, perform syntax analysis;
Show all flash files, disassembled and grep potential vulnerabilities;
Analyze all headers and do a fingerprint;
Validate security headers (CSP, HSTS, X-Frame-Options);
Create the CSRF PoC for all requests;
And much more … Make your module …

PDF: OWASP AppSec Latam 2011 Talk (Portuguese) -
https://code.google.com/p/webfight/downloads/detail?name=OWASP_AppSec_POA.pdf
Download WebFight v1.0 Beta - http://code.google.com/p/webfight/

Thank you Wagner Elias, from Conviso Security Labs.


Regards,

Magno Logan
OWASP Paraiba Chapter Leader
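
The "validate security headers (CSP, HSTS, X-Frame-Options)" item in the post above, as an added example that is not part of the original post and is not WebFight's code: a passive check over response headers that a proxy has already captured. The function names, the constructed sample responses and the 180-day HSTS threshold are assumptions made for this illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # assumed threshold: 180 days, in seconds

def parse_headers(raw_response):
    """Map lowercased header names to values from a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_security_headers(raw_response, https=True):
    """Return a list of findings for CSP, HSTS and X-Frame-Options."""
    h = parse_headers(raw_response)
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP: header missing")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP: policy allows unsafe-inline/unsafe-eval")
    if https:  # browsers ignore HSTS on plain-HTTP responses
        hsts = h.get("strict-transport-security")
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I) if hsts else None
        if hsts is None:
            findings.append("HSTS: header missing")
        elif m is None:
            findings.append("HSTS: no max-age directive")
        elif int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS: max-age below %d seconds" % MIN_HSTS_AGE)
    xfo = h.get("x-frame-options", "").upper()
    framed_by_csp = csp is not None and "frame-ancestors" in csp.lower()
    if not xfo and not framed_by_csp:
        findings.append("X-Frame-Options: header missing")
    elif xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: value %r is not DENY or SAMEORIGIN" % xfo)
    return findings

# Constructed sample responses (not taken from any real capture).
WEAK = ("HTTP/1.1 200 OK\r\nServer: example\r\n"
        "Strict-Transport-Security: max-age=300\r\n"
        "X-Frame-Options: ALLOWALL\r\n\r\n<html></html>")
GOOD = ("HTTP/1.1 200 OK\r\n"
        "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
        "X-Frame-Options: DENY\r\n\r\n")

if __name__ == "__main__":
    print(check_security_headers(WEAK), check_security_headers(GOOD))
```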