This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:OWASP Webslayer Project

From OWASP

Revision as of 21:04, 2 November 2008 by Cmartorella (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Click here to return to OWASP Projects page.
Click here to see (& edit, if wanted) the template.

PROJECT IDENTIFICATION
Project Name	OWASP Webslayer Project
Short Project Description	WebSlayer is a tool designed for brute forcing Web Applications, it can be used to discover not linked resources (directories, servlets, scripts, etc), brute force GET and POST parameters, brute force forms parameters (User/Password), fuzzing, etc. The tools has a powerful payload generator and a easy and flexible results analyzer.
Email Contacts	Project Leader Christian Martorella	Project Contributors Carlos del Ojo	Mailing List/Subscribe Mailing List/Use	First Reviewer Andres Andreu	Second Reviewer TBD	OWASP Board Member (if applicable) Name&Email

PROJECT IDENTIFICATION

Project Name

OWASP Webslayer Project

Short Project Description

WebSlayer is a tool designed for brute forcing Web Applications, it can be used to discover not linked resources (directories, servlets, scripts, etc), brute force GET and POST parameters, brute force forms parameters (User/Password), fuzzing, etc.

The tools has a powerful payload generator and a easy and flexible results analyzer.

Email Contacts

Project Leader
Christian Martorella

Project Contributors
Carlos del Ojo

Mailing List/Subscribe
Mailing List/Use

First Reviewer
Andres Andreu

Second Reviewer
TBD

OWASP Board Member
(if applicable)
Name&Email

PROJECT MAIN LINKS
- The tool's url

RELATED PROJECTS
If any, add link.

SPONSORS & GUIDELINES
Sponsor name, if applicable	Guidelines/Roadmap

ASSESSMENT AND REVIEW PROCESS
Review/Reviewer	Author's Self Evaluation (applicable for Alpha Quality & further)	First Reviewer (applicable for Alpha Quality & further)	Second Reviewer (applicable for Beta Quality & further)	OWASP Board Member (applicable just for Release Quality)
First Review	Objectives & Deliveries reached? Not yet (To update) --------- Which status has been reached? Alpha Status - (To update) --------- See&Edit: First Review/SelfEvaluation (A)	Objectives & Deliveries reached? Not yet (To update) --------- Which status has been reached? Alpha Status - (To update) --------- See&Edit: First Review/1st Reviewer (B)	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Alpha Status - (To update) --------- See&Edit: First Review/2nd Reviewer (C)	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Alpha Status - (To update) --------- See/Edit: First Review/Board Member (D)

1 Overview
2 Features
- 2.1 For Resource Location prediction, it supports:
3 Results analysis

Overview

WebSlayer is a tool designed for bruteforcing Web Applications, it can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. The tools has a payload generator and a easy and powerful results analyzer.

It's possible to perform attacks like:

Predictable resource locator (File and directories discovery)
Login forms brute force
Session brute force
Parameters brute force
Parameter fuzzing and Injection (XSS, SQL, etc)
Basic and Ntml Bruteforcing

Features

Some features are:

Encodings: 15 encodings supported
All parameters attack: the tool will inject the payload in every parameter (Headers, Get, Post)
Authentication: Webslayer supports Ntml and Basic authentication, also you can brute force the authentication
Multiple payloads: you can use 2 paylods in different parts
Proxy support (authentication supported)
Live filters: You can change the filters as the attack is taking place
Multiple threads: You can set how many threads to use in the attack
Session import/export: Allows you to save the session and to continue working with the results
Integrated web browser: a full fledge webkit browser is included to analyze the results
Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org)
Payload Generator (custom payload generator)

For Resource Location prediction, it supports:

Recursion: When discovering directories, you can set how deep to go
Non standard code error checking: Webslayer will detect NoN Standard Code, to avoid presenting trash results
Extensions: You can add a list of extensions to try with a dictionary

Results analysis

The power of Webslayer resides in the way you can work with the results, for every attack you will have all the responses, and for each ; request you will have:

Html results
Source code
Headers
Web browser view (it will replay the request via the browser)

Multiple filters for improving the performance and for producing better results for the analyst

Return Code
Characters length
Words length
Lines length
MD5
Regular expression

Webslayer will maintain all the attacks in the session so you can work with them, compare, check later, etc.

Pages in category "OWASP Webslayer Project"

This category contains only the following page.

O

OWASP/Training/OWASP Webslayer Project

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Webslayer_Project&oldid=45552"

Category:

OWASP Project

Category:OWASP Webslayer Project

Overview

Features

For Resource Location prediction, it supports:

Results analysis

Pages in category "OWASP Webslayer Project"

O

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools