WATOBO v0.9.10 Released

WATOBO v0.9.10 Released

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.

Features

  • WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
  • WATOBO can perform vulnerability checks out of the box.
  • WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easiely define your own checks
  • WATOBO is free software ( licensed under the GNU General Public License Version 2)

Changelog

  • [Module] Time-based SQL injection module
  • [Module] Rated XSS which gives a more accurate exploitability result
  • [GUI] ConversationTable: values in column Parameters are url-decoded
  • [Plugin] WebCrawler – based on Mechanize
  • [GUI] Manual Request Editor: URL is displayed in the window title
  • [GUI] Menubar items are disabled if no project is defined
  • [CORE] Create SSL certificates for each target on-the-fly, now you only have to trust the internal CA once
  • [Interceptor] Rewrite/Inject Feature to Interceptor
  • [CORE] added .yml file extension for chats, findings, logs, …
  • [Plugin] SQLmap – easy to use sqlmap interface
  • [Interceptor] Transparent Proxy Feature – only available on Linux (depends on netfilter_queue)
  • [CatalogScanner] added predefined database paths
  • [CORE] general unzipping and un-chunking of server responses
  • CA Directory is now created in WATOBO working directory ‘.watobo’
  • Fixed Crash on opening client-certificate dialog
  • Improved Socket communication
  • ConversationTable: GET and POST parameters are shown in the parameters coloumn
  • TreeView-Pane: Show full conversation list when Findings tab is selected
  • Fixed a bug in parsing post parameters
  • QuickScan: double scanning each module
  • the disclaimer.chk file now is written to .watobo
  • some minor bugs

Download

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community