Web Application Security
CAT Version 1 Released - Web App Testing Tool Aug 04 2011 12:45AM
Context IS - Disclosure (disclosure contextis co uk)
Context App Tool (CAT) Version 1 has been released.
http://cat.contextis.com

CAT is a tool for manual web application penetration testing and includes the following features:
- Request Repeater - Used for repeating a single request
- Proxy - Classic Inline proxy
- Fuzzer - Allows for a batch of tests to be sent to a server for brute forcing, parameter fuzzing, forced browsing etc.
- Log - View a list of requests to sort, search, repeat etc. Allows for a sequence of requests to be repeated and modified.
- Authentication Checker - Two synchronised proxies which can be used to check authentication and authorisation controls.
- SSL Checker - Request a specific page with various SSL ciphers and versions.
- Notepad - A text/RTF editor which can be used as a scratch pad for conversions etc.
- Web Browser - An integrated web browser with proxy pre-configured, based on Internet Explorer's rendering engine.
- Addons - Freely accessible API/SDK to extend CAT with additional functionality.

Some highlights of CAT:
- CAT uses Internet Explorer's rendering engine for accurate HTML representation
- It supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no quotes
- It offers integrated SQL Injection and XSS Detection
- Advanced Authentication and Authorisation using Synchronised Browsing
- Silverlight WCF Support
- Faster performance due to HTTP connection caching
- SSL Version and Cipher checker using OpenSSL
- Greater flexibility for importing/exporting logs and saving projects
- Tabbed Interface allowing for multiple tools at once e.g. multiple repeaters and different logs
- The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)
- Ability to extend CAT using Addons with publicly available documentation and sample code
- MONO Support for Linux and OSX (Currently in Beta).
- Scriptable fuzz cases.
- It is totally free!

Copyright 2010, SecurityFocus