{"id":3057,"date":"2015-06-30T19:46:53","date_gmt":"2015-06-30T11:46:53","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3057"},"modified":"2015-09-09T19:36:35","modified_gmt":"2015-09-09T11:36:35","slug":"watobo-the-web-application-security-auditing-toolbox","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/06\/watobo-the-web-application-security-auditing-toolbox\/","title":{"rendered":"WATOBO &#8211; The Web Application Security Auditing Toolbox"},"content":{"rendered":"<p>WATOBO &#8211; The Web Application Security Auditing Toolbox &#8211; is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits.<\/p>\n<p>It is capable of passive as well as active scanning and this latest is its real value added. It enables to automatize the discovery of common vulnerabilities (XSS, LFI, SQL injections etc) in web applications.<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/farm4.staticflickr.com\/3856\/18671156144_aa8c2ab8e1.jpg\" alt=\"WATOBO - The Web Application Security Auditing Toolbox\" \/><\/p>\n<p>WATOBO works like a local proxy, similar to <a href=\"https:\/\/www.darknet.org.uk\/2011\/06\/zed-attack-proxy-zaproxy-v1-3-0-released-integrated-penetration-testing-tool\/\">ZAP<\/a>, <a href=\"https:\/\/www.darknet.org.uk\/2006\/04\/paros-proxy-3211-released-mitm-http-and-https-proxy\/\">Paros<\/a> or <a href=\"https:\/\/www.darknet.org.uk\/2011\/06\/burp-suite-free-edition-v1-4-web-application-security-testing-tool\/\">Burp Suite<\/a> but in Ruby, when the rest are pretty much in JAVA.<\/p>\n<h3>Features<\/h3>\n<ul>\n<li>WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don\u2019t have to login manually each time you get logged out.<\/li>\n<li>WATOB can act as an transparent proxy<\/li>\n<li>WATOBO has anti-CSRF features<\/li>\n<li>WATOBO can perform vulnerability checks out of the box.<\/li>\n<li>WATOBO supports Inline De-\/Encoding, so you don\u2019t have to copy strings to a transcoder and back again. Just do it inside the request\/response window with a simple mouse click.<\/li>\n<li>WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.<\/li>\n<li>WATOBO is written in (FX)Ruby and enables you to easiely define your own checks<\/li>\n<li>WATOBO is free software ( licensed under the GNU General Public License Version 2)<\/li>\n<\/ul>\n<h3>Scanning\/Active Checks<\/h3>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p>During a scan all selected active modules will be used to test the one or more chats (chat = request\/response pair). The total amount of resulting requests is hard to predict because in most cases it depends on the number of parameters and the module itself. Here\u2019s the list of the currently available active checks:<\/p>\n<ul>\n<li>Server-Status page<\/li>\n<li>Directory Walker<\/li>\n<li>FileExtensions<\/li>\n<li>HTTP Methods<\/li>\n<li>Lotus Domino DB Enumeration<\/li>\n<li>.NET Custom Error<\/li>\n<li>.NET Files<\/li>\n<li>Local File Inclusion<\/li>\n<li>Crossdomain Policy<\/li>\n<li>Basic JBoss enumeration<\/li>\n<li>SAP ITS: Default Commands<\/li>\n<li>SAP ITS: Default Services<\/li>\n<li>SAP ITS: Service Parameters<\/li>\n<li>SAP ITS: XSS<\/li>\n<li>Siebel Applications<\/li>\n<li>Error-based SQL-Injection<\/li>\n<li>Time-based SQL Injection<\/li>\n<li>Boolean SQL-Injection<\/li>\n<li>Numerical SQL-Injection<\/li>\n<li>XML-XXE<\/li>\n<li>NextGeneration Cross Site Scripting Checks<\/li>\n<li>Simple Cross Site Scripting Checks<\/li>\n<\/ul>\n<p>You can download WATOBO 0.9.20 gem here:<\/p>\n<p><a href=\"http:\/\/downloads.sourceforge.net\/project\/watobo\/watobo-0.9.20.gem\">watobo-0.9.20.gem<\/a><\/p>\n<p>Or read more <a href=\"http:\/\/sourceforge.net\/projects\/watobo\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WATOBO &#8211; The Web Application Security Auditing Toolbox &#8211; is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. It is capable of passive as well as active scanning and this latest is its real value added. It enables to automatize the discovery of common vulnerabilities (XSS, LFI, SQL [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"WATOBO - The Web Application Security Auditing Toolbox - enables security professionals to perform highly efficient web application security audits.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9,15],"tags":[2864,1602,3423,5548,396,1582,376],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3057"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=3057"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3057\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=3057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=3057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=3057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}