软件介绍
WebCruiser Web Vulnerability Scanner是一个小巧但功能不凡的Web应用漏洞扫描器,能够对整个网站进行漏洞扫描,并能够对发现的漏洞(SQL注入,跨站脚本)进行验证;它也可以单独进行漏洞验证。
运行平台:Windows with .Net FrameWork 2.0或以上。
功能特性
网站爬虫(目录及文件);
漏洞扫描(SQL注入,跨站脚本);
漏洞验证(SQL注入,跨站脚本);
SQL Server明文/字段回显/盲注;
MySQL字段回显/盲注;
Oracle字段回显/盲注;
DB2字段回显/盲注;
Access字段回显/盲注;
管理入口查找;
GET/Post/Cookie 注入;
搜索型注入延时;
自动从自带浏览器获取Cookie进行认证;
自动判断数据库类型;
自动获取关键词;
多线程;
高级:代理、敏感词替换/过滤;
报告;
更新日志
WebCruiser v3.4.0更新:
可能导致信息泄露的备份文件扫描
WebCruiser v3.5.0更新:
新增支持PostgreSQL和SQLite数据库。
软件截图
软件其他
软件截图一
软件截图二
注册成功的图:
爬虫:
SQL注入:
WebCruiser - Web Vulnerability Scanner, an effective and powerful web penetration testing tool that will aid
you in auditing your website! It has a Vulnerability Scanner and a series of security tools.
WebCruiser can support scanning website as well as POC (Proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool!
Key Features:
* Crawler(Site Directories and Files);
* Vulnerability Scanner: SQL Injection, Cross Site Scripting, XPath Injection etc.;
* SQL Injection Scanner;
* SQL Injection Tool: GET/Post/Cookie Injection POC(Proof of Concept);
* SQL Injection for SQL Server: PlainText/Union/Blind Injection;
* SQL Injection for MySQL: PlainText/Union/Blind Injection;
* SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection;
* SQL Injection for DB2: Union/Blind Injection;
* SQL Injection for Access: Union/Blind Injection;
* Post Data Resend Tool;
* Cross Site Scripting Scanner and POC;
* XPath Injection Scanner and POC;
* Auto Get Cookie From Web Browser For Authentication;
* Report Output.