WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injection, Cross site scripting (XSS), Brute force for login forms, identification of firewall-filtered rules, DOS Attacks and WEB Proxy to analyze, intercept and manipulate the traffic between your browser and the target web application.
WEB Bruteforcer is a brute forcer for files and directories within the web application which helps to identify the hidden structure. It is also multi-threaded and completely parametrable for timing settings (Timeout, Threading, Max Data Size, Retries) and rules (Headers, Base Dir, Brute force Dirs/Files, Recursive, File’s Extension, Send GET/HEAD, Follow Redirects, Process Cookies and List generator configuration).
By default, it will brute force from root / base dir recursively for both files and directories. It sends both HEAD and GET requests when it needs it (HEAD to identify if the file/dir exists and then GET to retrieve the full response).
WEB Fuzzer is a more advanced tool to create a number of requests based on one initial request. Fuzzer has no limits and can be used to exploit known vulnerabilities such (blind) SQL Inections and more unsual ways such identifing improper input handling, firewall/filtering rules, DOS Attacks.
A simple WEB Editor to send individual requests. It also contains a HEX Editor for more advanced requests.
WEB Proxy is a proxy server running locally and will allow you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or other application which support proxies.
You can download WebSurgery here:
Or read more here.
- SamuraiWTF 3.x And Onwards – Web Testing Framework Linux LiveCD
- Watcher – Passive Web Application Vulnerability Scanner
- Pentoo – Gentoo Based Penetration Testing Linux LiveCD
- Burp Suite Free Edition v1.4 – Web Application Security Testing Tool
- Appie – Portable Android Security Testing Suite
- Paros Proxy 3.2.10 Released – MITM HTTP and HTTPS Proxy
Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,902,558 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,130,212 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 639,694 views