WATOBO- The Web Application Security Auditing Toolbox For XSS, LFI And SQL Injections.
It is intended to enable security professionals to perform efficient (semi-automated) web application security audits.
It is competent to the discovery of common vulnerabilities like (XSS, LFI, SQL injections etc) in web applications.
Most important features:
WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
WATOBO can act as a transparent proxy (requires nfqueue)
WATOBO can perform vulnerability checks out of the box
WATOBO can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens
WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
WATOBO is written in (FX)Ruby and enables you to easily define your own checks
WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
WATOBO is free software ( licensed under the GNU General Public License Version 2)
Installation on Windows
c:\> gem install watoboThis might take some time ...
To start watobo enter
Installation on Kali Linux
WATOBO is included in the official Kali Linux repo. You can install it byapt-get install watobo