Adapt - Tool That Performs Automated Penetration Testing For Webapps


ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs categorized findings based on these potential vulnerabilities. ADAPT also uses the functionality from OWASP ZAP to perform automated active and passive scans, and auto-spidering. Due to the flexible nature of the ADAPT tool, all of these features and tests can be enabled or disabled from the configuration file. For more information on tests and configuration, please see the ADAPT wiki.

How it Works
ADAPT uses Python to create an automated framework to use industry standard tools, such as OWASP ZAP and Nmap, to perform repeatable, well-designed procedures with anticipated results to create an easily understandable report listing vulnerabilities detected within the web application.

Automated Tests:
* OTG-IDENT-004 - Account Enumeration
* OTG-AUTHN-001 - Testing for Credentials Transported over an Encrypted Channel
* OTG-AUTHN-002 - Default Credentials
* OTG-AUTHN-003 - Testing for Weak lock out mechanism
* OTG-AUTHZ-001 - Directory Traversal
* OTG-CONFIG-002 - Test Application Platform Configuration
* OTG-CONFIG-006 - Test HTTP Methods
* OTG-CRYPST-001 - Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
* OTG-CRYPST-002 - Testing for Padding Oracle
* OTG-ERR-001 - Testing for Error Code
* OTG-ERR-002 - Testing for Stack Traces
* OTG-INFO-002 - Fingerprinting the Webserver
* OTG-INPVAL-001 - Testing for Reflected Cross site scripting
* OTG-INPVAL-002 - Testing for Stored Cross site scripting
* OTG-INPVAL-003 - HTTP Verb Tampering
* OTG-SESS-001 - Testing for Session Management Schema
* OTG-SESS-002 - Cookie Attributes

Installing the Plugin
  1. Detailed install instructions.