软件介绍
WebCruiser Web Vulnerability Scanner是一个小巧但功能不凡的Web应用漏洞扫描器,能够对整个网站进行漏洞扫描,并能够对发现的漏洞(SQL注入,跨站脚本)进行验证;它也可以单独进行漏洞验证。
运行平台:Windows with .Net FrameWork 2.0或以上。
功能特性
网站爬虫(目录及文件); 漏洞扫描(SQL注入,跨站脚本); 漏洞验证(SQL注入,跨站脚本); SQL Server明文/字段回显/盲注; MySQL字段回显/盲注; Oracle字段回显/盲注; DB2字段回显/盲注; Access字段回显/盲注; 管理入口查找; GET/Post/Cookie 注入; 搜索型注入延时; 自动从自带浏览器获取Cookie进行认证; 自动判断数据库类型; 自动获取关键词; 多线程; 高级:代理、敏感词替换/过滤; 报告;
更新日志
WebCruiser v3.4.0更新: 可能导致信息泄露的备份文件扫描
WebCruiser v3.5.0更新: 新增支持PostgreSQL和SQLite数据库。
软件截图
软件其他
软件截图一
软件截图二
注册成功的图:
爬虫:
SQL注入:
WebCruiser - Web Vulnerability Scanner, an effective and powerful web penetration testing tool that will aid you in auditing your website! It has a Vulnerability Scanner and a series of security tools. WebCruiser can support scanning website as well as POC (Proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool! Key Features: * Crawler(Site Directories and Files); * Vulnerability Scanner: SQL Injection, Cross Site Scripting, XPath Injection etc.; * SQL Injection Scanner; * SQL Injection Tool: GET/Post/Cookie Injection POC(Proof of Concept); * SQL Injection for SQL Server: PlainText/Union/Blind Injection; * SQL Injection for MySQL: PlainText/Union/Blind Injection; * SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection; * SQL Injection for DB2: Union/Blind Injection; * SQL Injection for Access: Union/Blind Injection; * Post Data Resend Tool; * Cross Site Scripting Scanner and POC; * XPath Injection Scanner and POC; * Auto Get Cookie From Web Browser For Authentication; * Report Output.