Wednesday, July 19, 2006

Springenwerk Security Scanner

This is a free XSS scanner available on the web. With a few enhancements, it could make a quick scan of your applications possible. This type of scanner is useful for manual pen-testers who have to try out loads of injection variations, a task that is tedious to do by hand for every field in the application. The tool generates a report in a nice format.

Following are the features listed on the tool's home page.
  • Finds the most common XSS vulnerabilities
  • Extracts forms and input elements from given webpages and checks them for vulnerabilities
  • Follows the form action targets (1 level)
  • Can check custom HTTP GET and POST data arguments
  • Can use Springenwerk, Firefox or IE in the requests' user agent string
  • Optionally generates an HTML report file with exploits to demonstrate the vulnerabilities
  • Comes with an easy to use GUI
  • Platform independent, written in Python
  • No installation and no super user privileges necessary
  • FREE!

