IronWASP (Iron Web application Advanced Security testing Platform)
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent that users can create their own custom security scanners with it.
Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.
Features
Automated Scanning
- Full & Semi Automated Scans
- Scan Customization Option
- High Scan Precision: Scan 1 Parameter of 1 Request for 1 Active Plugin
Scripting shell
- Python & Ruby Support
- Simple & Powerful API
- Full Access to Logs
JavaScript Static Analysis
- DOM XSS Checking
- Editable Source & Sink Lists
Active and Passive Plugins
- Python & Ruby Support
- Easy to Create and Modify
- Active Plugins Leave Scan Trace
Format Plugin
- Python & Ruby Support
- Convert Object -> XML & XML -> Object
- Scan & Fuzz Any POST Body
- Format (JSON, XML, Java Serialized Object, etc.)
Session Plugin
- Python & Ruby Support
- Customize Scans for Target Site
- Can Handle Logins, CSRF-Tokens, CAPTCHAs, Multi-step forms, etc.
Logging
- HTTP Traffic & Findings Logged
- Logs are Saved in Project Folder
- Can Reload Project from Logs
Manual Testing
- Request Crafter
- Intercepting Proxy
- Reflections Highlighted
Download IronWASP
NOTE: Requires .NET 2.0
More information: here

