CAT – Web Application Security Test & Assessment Tool


CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.

There are a number of differences between CAT and currently available web proxies. They include:

  • CAT uses Internet Explorer’s rendering engine for accurate HTML representation
  • It supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no quotes
  • It offers integrated SQL Injection and XSS Detection
  • Synchronised Proxies for Authentication and Authorisation checking
  • Faster performance due to HTTP connection caching
  • SSL Version and Cipher checker using OpenSSL
  • Greater flexibility for importing/exporting logs and saving projects
  • Tabbed Interface allows for multiple tools at once e.g. multiple repeaters & different logs
  • The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)
  • It’s free!

Do bear in mind that this is a free tool, but it is NOT Open Source. Also take a good look at the EULA before using it (especially Section 6).

You can download CAT Beta 4 here:

CAT_Beta_4.msi

Or read more here. (Thanks to reader Simon for the heads-up on this.)

Posted in: Hacking Tools, Secure Coding, Web Hacking

, , , , ,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


One Response to CAT – Web Application Security Test & Assessment Tool

  1. NaodTEKLIE March 27, 2011 at 2:39 pm #

    it cooll truse me