webslayer


Web application bruteforcer

WebSlayer is a tool designed for brute forcing web applications. It can be used to find unlinked resources (directories, servlets, scripts, files, etc.), brute force GET and POST parameters, brute force form parameters (user/password), perform fuzzing, etc. The tool has a payload generator and an easy and powerful results analyzer.

You can perform attacks like:

  • Predictable resource locator, recursion supported (Discovery)

  • Login forms brute force

  • Session brute force

  • Parameter brute force

  • Parameter fuzzing and injection (XSS, SQL)

  • Basic and NTLM authentication brute forcing

Features:

  • Recursion
  • Encodings: 15 encodings supported
  • Authentication: supports NTLM and Basic
  • Multiple payloads: you can use 2 payloads in different parts
  • Proxy support (authentication supported)
  • For predictable resource location it has: recursion, common extensions, non-standard code detection
  • Multiple filters for improving the performance and for producing cleaner results
  • Live filters
  • Multithreads
  • Session saving
  • Integrated browser (WebKit)
  • Time delay between requests
  • Attack balancing across multiple proxies

  • Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org)

This site will be used to host the project files, and for issues management.

Official OWASP: site