[ad]<\/p>\n
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.<\/p>\n
You may remember back in March 2008 we published about Webshag 1.00 being released<\/a>. Now Webshag 1.10 has been released! This new version provides several feature enhancements as well as some bug-fixes.<\/p>\n Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated (e.g. use a different random per request HTTP proxy server).<\/p>\n It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).<\/p>\n Webshag URL scanner and file fuzzer are aimed at reducing the number of false positives and thus producing cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechanism resistant to content changes. This fingerprinting mechanism is then used in a false positive removal algorithm specially aimed at dealing with “soft 404” server responses. <\/p>\n Requirements<\/strong><\/p>\n To be fully functional, Webshag requires the following elements:<\/p>\n Just like the previous version, Webshag 1.10 is freely available (GPL license) for Linux and Windows platforms.<\/p>\n You can download Webshag 1.10 here:<\/p>\n Linux – ws110.tar.gz<\/a> <\/p>\n\n
\nWindows – ws110.zip<\/a>
\nWindows (installer) – ws110_win32installer.zip<\/a>
\nUser Manual (EN) – ws110_manual.pdf<\/a><\/p>\n