WATOBO – The Web Application Security Auditing Toolbox

The New Acunetix V12 Engine


WATOBO – The Web Application Security Auditing Toolbox – is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits.

It is capable of passive as well as active scanning and this latest is its real value added. It enables to automatize the discovery of common vulnerabilities (XSS, LFI, SQL injections etc) in web applications.

WATOBO - The Web Application Security Auditing Toolbox

WATOBO works like a local proxy, similar to ZAP, Paros or Burp Suite but in Ruby, when the rest are pretty much in JAVA.

Features

  • WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
  • WATOB can act as an transparent proxy
  • WATOBO has anti-CSRF features
  • WATOBO can perform vulnerability checks out of the box.
  • WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easiely define your own checks
  • WATOBO is free software ( licensed under the GNU General Public License Version 2)

Scanning/Active Checks


During a scan all selected active modules will be used to test the one or more chats (chat = request/response pair). The total amount of resulting requests is hard to predict because in most cases it depends on the number of parameters and the module itself. Here’s the list of the currently available active checks:

  • Server-Status page
  • Directory Walker
  • FileExtensions
  • HTTP Methods
  • Lotus Domino DB Enumeration
  • .NET Custom Error
  • .NET Files
  • Local File Inclusion
  • Crossdomain Policy
  • Basic JBoss enumeration
  • SAP ITS: Default Commands
  • SAP ITS: Default Services
  • SAP ITS: Service Parameters
  • SAP ITS: XSS
  • Siebel Applications
  • Error-based SQL-Injection
  • Time-based SQL Injection
  • Boolean SQL-Injection
  • Numerical SQL-Injection
  • XML-XXE
  • NextGeneration Cross Site Scripting Checks
  • Simple Cross Site Scripting Checks

You can download WATOBO 0.9.20 gem here:

watobo-0.9.20.gem

Or read more here.

Posted in: Hacking Tools, Web Hacking

, , , , , ,


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


Comments are closed.