Netsparker Final Beta (v0.9.9.9935) - Web App Security Scanner
Netsparker, a web application security scanner, can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology it's built on, just like an actual attacker.
It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built in; for example, you can get a reverse shell out of an identified SQL Injection or extract data by running custom SQL queries.
Version Final Beta v0.9.9.9935
- New name, new design!
- New Test Module: Detect and analyse for crossdomain.xml issues
- New Test Module: Apache server-status and server-info detection
- Text parser finds relative links again, which had been disabled in the previous beta for performance reasons
- Better case sensitivity support during crawling and attacking. You need to explicitly enable it from "Advanced Settings"
- New Test Module: Detect Apache Alternate/Multiviews
- Custom 404 support. Now, Netsparker can detect custom 404 pages and act accordingly
- Better HTTP Request / Response GUI. Got splitter, better search and some other cool stuff
- New Test Module: Find backup files
- Improved Test Module: New and better attacks added to command injection for *nix and Windows based systems
- Better error handling. Now you can add details to error reports as well as your e-mail address so we can get back to you about the issue (of course, only if you want)
- New Test Module: Check for TRACE/TRACK methods
- GUI supports customisation in many ways and remembers all of them
- Some bugs in the redirected pages fixed
- Some false positives in Boolean SQL Injection fixed
- Text parser slightly improved, some minor bugs fixed
- Memory usage and overall performance of the application significantly improved.
- Improved Test Engine: SQL Injection, Boolean SQL Injection and Blind SQL Injection tests improved to increase the coverage
- Some rare XSS False-positives fixed.
- Figures in the dashboard fixed. It’s still not totally accurate (due to runtime optimisation) but pretty close to what’s going to happen
- Disconnect and better error handling added to SQL Injection exploitation. Some bugs fixed in the listener as well
- New Test Module: Sitemap.xml analysis
Tool submitted by Ferruh Mavituna (Project Leader)