Webfigh is a tool for manual analysis of web application security.

The tool performs a log parser of Burp (http://portswigger.net/burp/download.html), and performs a series of tests and show notes to an expert analyze:

1. All requests and parameters to fuzz and data validation tests;
2. Show all files and javascriopt perform syntax analysis;
3. Show all flash files, disassembled and grep potential vulnerabilities;
4. Analyze all headers and do a fingerprint;
5. Validate security headers (CSP; HSTS, X-Frame-Options)
6. Create the CSRF PoC for all requests;
7. And much more ... Make your module ...

Demo

Start

GettingStarted

By Conviso Security Labs - http://www.conviso.com.br