SandCat v3.9.3 available with support for Nessus NBE

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.

New in 3.9

  • Modern Browser Emulation - Improved support for HTML 5. The new version also expands the browser emulation feature set by adding new HTTP and SSL/TLS options, Socks support and additional authentication options.
  • Improved Defense Evasion - Added new filter evasion techniques (UTF8-Decode and others). Version 3.9 also includes additional WAF and IDS evasion techniques, targeting mod_security and PHP-IDS.
  • New Extensions - Improved Session Manager, User-Agent Changer, new Vulnerability Search screen.
  • And more - Support for the NBE (Nessus BackEnd) report format, ability to import/export string lists from/to files, added command-line support and scan scheduling capabilities to the newly introduced Session Launcher tool.

New Features

  • Filter Evasion - Sandcat’s fast engine interacts with a truly unique, up-to-date and extremely extensive database of checks and uses sophisticated techniques such as the newly introduced filter evasion and false positive reduction to give you stunning results. Sandcat’s database is the culmination of years of research by Syhunt and includes checks for an extremely wide array of different web application security threats.
  • Web security scanning the way you want it - Sandcat is highly customizable and extensible; its options screen contains several checkboxes and fields that control Sandcat’s behavior. Additionally, almost any element of the tool can be molded to your liking - you can create and use your own scripts, exploits, GUI extensions and mods.
  • Web 2.0 compatible - Sandcat offers the degree of flexibility and versatility required to support any web environment, anywhere. It has been designed to intelligently handle complex, large web sites and automatically adapt to different web environments and technologies.
  • Sandcat + Sandcat for PHP - What could be better than combining blackbox testing and whitebox testing capabilities? Our newest tool, Sandcat for PHP, offers you the possibility to check the source code of your web applications for multiple classes of application vulnerabilities.

Complete Checks and scanning capabilities

Post scriptum

Compliance Mandates

  • Application Scanner:

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
