This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP/Training/OWASP Webslayer Project"
From OWASP
Cmartorella (talk | contribs) |
Cmartorella (talk | contribs) |
||
| Line 1: | Line 1: | ||
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude> | {{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude> | ||
| Module_designation = [[Category:OWASP Webslayer Project|OWASP Webslayer Project]] | | Module_designation = [[Category:OWASP Webslayer Project|OWASP Webslayer Project]] | ||
| − | | Module_Overview_Goal = | + | | Module_Overview_Goal = |
WebSlayer is a tool designed for bruteforcing Web Applications, it can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. | WebSlayer is a tool designed for bruteforcing Web Applications, it can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. | ||
The tools have a payload generator and a easy and powerful results analyzer. | The tools have a payload generator and a easy and powerful results analyzer. | ||
| − | |||
| | ||
| + | |||
Some features are: | Some features are: | ||
| + | |||
* Encodings: 15 encodings supported | * Encodings: 15 encodings supported | ||
* All parameters attack: the tool will inject the payload in every parameter (Headers, Get, Post) | * All parameters attack: the tool will inject the payload in every parameter (Headers, Get, Post) | ||
| Line 19: | Line 20: | ||
* Integrated web browser: a full fledge webkit browser is included to analyze the results | * Integrated web browser: a full fledge webkit browser is included to analyze the results | ||
* Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org) | * Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org) | ||
| − | * Payload Generator (custom payload generator) | + | * Payload Generator (custom payload generator) |
| Content = | | Content = | ||
| Line 41: | Line 42: | ||
[http://code.google.com/p/webslayer/downloads/list Webslayer] | [http://code.google.com/p/webslayer/downloads/list Webslayer] | ||
| − | |||
}} | }} | ||
Revision as of 15:40, 7 December 2010
| MODULE | |
| ' | |
| Overview & Goal | |
| WebSlayer is a tool designed for bruteforcing Web Applications, it can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.
The tools have a payload generator and a easy and powerful results analyzer.
Some features are:
| |
| Contents | Materials |
| The training will show how to use the tool and will cover the following topics:
-Interface overview -Basic Payloads overview -Basic directory discovery setup -Advance directory and file discovery -Login form brute force attack -Basic authentication attack -Custom payload generation -Advanced uses
|
The training is a hands on course, so it is recommended to bring your own laptop.
The latest version of Webslayer can be downloaded from: |
