[WebSurgery] Web application security testing suite

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools (Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy).

Main Tools

Crawler

• High Performance Multi-Threading and Completely Parameterized Crawler
• Extracts Links from HTML / CSS / JavaScript / AJAX / XHR
• Hidden Structure Identification with Embedded Bruteforcer
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Limit Rules (Case Sensitive, Process Above / Below, Dir Depth, Max Same File / Script Parameters / Form Action File)
• Parameterized Extra Rules (Fetch Indexes / Sitemaps, Submit Forms, Custom Headers)
• Supports Advanced Filters with Scripting & Regular Expressions (Process, Exclude, Page Not Found, Search Filters)

Bruteforcer

• High Performance Multi-Threading Bruteforcer for Hidden Structure (Files / Directories)
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Rules (Base Dir, Bruteforce Dirs / Files, Recursive, File Extension, Custom Headers)
• Parameterized Advanced Rules (Send GET / HEAD, Follow Redirects, Process Cookies)
• Supports Advanced Filters with Scripting & Regular Expressions (Page Not Found, Search Filters)
• Supports List Generator with Advanced Rules

Fuzzer

• High Performance Multi-Threading Fuzzer Generates Requests based on Initial Request Template
• Exploitation for (Blind) SQL Injections, Cross Site Scripting (XSS), Denial of Service (DOS), Bruteforce for Username / Password Authentication Login Forms
• Identification of Improper Input Handling and Firewall / Filtering Rules
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Advanced Rules (Follow Redirects, Process Cookies)
• Supports Advanced Filters with Scripting & Regular Expressions (Stop / Reset Level, Search Filters)
• Supports List Generator with Advanced Rules
• Supports Multiple Lists with Different Levels

Proxy

• Proxy Server to Analyze, Intercept and Manipulate Traffic
• Parameterized Listening Interface IP Address & Port Number
• Supports Advanced Filters with Scripting & Regular Expressions (Process, Intercept, Match-Replace, Search Filters)

Editor

• Advanced ASCII / HEX Editor to Manipulate Individual Requests
• Parameterized Timing Settings (Timeout, Max Data Size, Retries)
• Automatically Fix Request (Content-Length, New Lines at End)

Extra Tools

Scripting Filters

• Advanced Scripting Filters to Filter Specific Requests / Responses
• Main Variables (url, proto, hostport, host, port, pathquery, path, query, file, ext)
• Request Variables (size, hsize, dsize, data, hdata, ddata, method, hasparams, isform)
• Response Variables (size, hsize, dsize, data, hdata, ddata, status, hasform)
• Operators =, !=, ~, !~, >=, <=, >, <
• Conjunctions &, |
• Supports Reverse Filters and Parenthesis

List Generator

• List Generator for Different List Types (File, Charset, Numbers, Dates, IP Addresses, Custom)
• Parameterized Rules (Prefix, Suffix, Case, Reverse, Fixed-Length, Match-Replace)
• Parameterized Crypto / Hash Rules (URL, URL All, HTML, BASE-64, ASCII, HEX, MD5, SHA-512)

External Proxy

• External Proxy Redirects Traffic to Another Proxy
• Supports Non-Authenticated Proxies (HTTP, SOCKS4, SOCKS5)
• Supports Authenticated Proxies (HTTP Basic, SOCKS5 Username/Password)
• Supports DNS Lookups at Proxy Side

          

Download WebSurgery