WebSlayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts,files, etc), brute force GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. The tools has a payload generator and an easy and powerful results analyzer.

You can perform attacks like:

• Predictable resource locator, recursion supported (Discovery)

• Login forms brute force

• Session brute force

• Parameter brute force

• Parameter fuzzing and injection (XSS, SQL)

• Basic and Ntml authentication brute forcing

Features:

• Recursion
• Encodings: 15 encodings supported
• Authentication: supports Ntml and Basic
• Multiple payloads: you can use 2 payloads in different parts
• Proxy support (authentication supported)
• For predictable resource location it has: Recursion, common extensions, non standard code detection
• Multiple filters for improving the performance and for producing cleaner results
• Live filters
• Multithreads
• Session saving
• Integrated browser (webKit)
• Time delay between requests

• Attack balancing across multiple proxies

• Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org)

This site will be used to host the project files, and for issues management.

Official OWASP: site