WATOBO- The Web Application Security Auditing Toolbox For XSS, LFI And SQL Injections.
It is intended to enable security professionals to perform efficient (semi-automated) web application security audits.
It is competent to the discovery of common vulnerabilities like (XSS, LFI, SQL injections etc) in web applications.
Most important features:
- WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
- WATOBO can act as a transparent proxy (requires nfqueue)
- WATOBO can perform vulnerability checks out of the box
- WATOBO can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens
- WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
- WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
- WATOBO is written in (FX)Ruby and enables you to easily define your own checks
- WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
- WATOBO is free software ( licensed under the GNU General Public License Version 2)
Installation on Windowsc:\> gem install watobo
This might take some time ...
To start watobo enter
Installation on Kali LinuxWATOBO is included in the official Kali Linux repo. You can install it by
apt-get install watobo