Sometimes the tools you use most often are the ones you forget to write about. Syhunt Sandcat is one of those: we use it almost daily, and it is a pleasure to work with.
Sandcat comes in two versions, Free and Pro. Both build their checks around the vulnerability classes tracked by the Open Web Application Security Project (OWASP) and the SANS Institute, and both can also test for WebDAV exposure, the latest buzzword in the security market. At its core, Sandcat is a remote web application security assessment scanner that covers almost every common class of web application flaw. It works by injecting test data into the application's inputs over HTTP and analyzing the responses, which lets it decide whether the application code is vulnerable to specific attacks such as SQL injection, cross-site scripting (XSS) and many other web application flaws.
The free version is fast and fairly accurate. The Pro version adds session resume support, full vulnerability information for each finding, a report generator and automatic updates. What's more, Sandcat is Web 2.0 compatible. Its fast engine draws on an extensive, regularly updated database of checks and uses techniques such as the newly introduced filter evasion and false-positive reduction to keep results accurate. Sandcat can also run under Linux with WINE.
At the time of writing, Sandcat scans for the following fault-injection vulnerabilities:
* Buffer Overflow
* Cookie Manipulation
* Command Execution
* CRLF Injection
* Cross Frame Scripting
* Cross-Site Scripting (XSS)
* Default Account
* Directory Listing
* Directory Traversal
* File Inclusion
* Information Disclosure
* LDAP Injection
* MX Injection
* Password Disclosure
* Path Disclosure
* PHP Code Injection
* Server-Specific Vulnerabilities: IIS / iPlanet / Others
* Source Code Disclosure
* SQL Injection
* XPath Injection
* Miscellaneous
It also performs the following Application Checks:
* Backup Files
* Common Exposures: Dangerous Methods, Default Content, Internal IP Address Disclosure
* Common Files and Folders
* Common Vulnerable Scripts: ASP, ASP .Net, PHP, JSP, Perl
* Email Form Hijacking
* Old/Backup Files: Common Backup Folders, Common Backup Files
* Outdated Server Software
* Path Disclosure
* Source Code Disclosure
* Suspicious HTML Comments
* Unencrypted Login
* Web-Based Backdoors
* Compliance: OWASP Top 10, PHP Top 5
* Fault Injection: Parameter Tampering, Form Field Manipulation
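To make the inject-and-analyze approach described above concrete, here is a small scanner skeleton in Python. It is an added example written for this page, not Sandcat's code or Syhunt's detection logic, and it runs entirely offline: `mock_target`, the host `shop.example` and every response are constructed stand-ins for a real web application, and the error signatures and regular expressions are illustrative rather than a scanner's real database of checks. It demonstrates two of the fault injections listed above (SQL Injection, XSS) and three of the application checks (Internal IP Address Disclosure, Unencrypted Login, Dangerous Methods):

```python
import re
from urllib.parse import parse_qsl, urlsplit, urlunsplit

# ---- Constructed stand-in for the remote target -----------------------------
# A real scanner talks HTTP to the target; here a function plays the server so
# the example runs offline. The host shop.example and every response are made up.
def mock_target(method, url, params):
    """Return (status, headers, body) the way a small, deliberately flawed app would."""
    path = urlsplit(url).path
    headers = {"Server": "Apache/1.3.27"}
    if method == "OPTIONS":                      # advertises PUT, DELETE and TRACE
        headers["Allow"] = "GET, POST, OPTIONS, PUT, DELETE, TRACE"
        return 200, headers, ""
    if path == "/item":                          # id is concatenated into SQL
        if "'" in params.get("id", ""):
            return 500, headers, ("You have an error in your SQL syntax; "
                                  "check the manual ... near '''' at line 1")
        return 200, headers, "<h1>Item found</h1>"
    if path == "/search":                        # q is reflected without encoding
        body = ("<p>Results for %s</p>"
                "<!-- rendered by web-03 (10.0.3.15) -->") % params.get("q", "")
        return 200, headers, body
    if path == "/login":                         # password form submitted over http
        return 200, headers, ('<form action="http://shop.example/login" method="post">'
                              '<input name="user"><input type="password" name="pass">'
                              '</form>')
    return 404, headers, "Not Found"

# ---- Minimal scanner logic ---------------------------------------------------
# Error signatures a database leaks when a quote breaks the query (illustrative list).
SQL_ERROR = re.compile(r"SQL syntax|ORA-\d{5}|Unclosed quotation mark|pg_query\(|"
                       r"Microsoft OLE DB Provider", re.I)
# RFC 1918 ranges: one of these in a response body is an internal address disclosure.
PRIVATE_IP = re.compile(r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
                        r"|192\.168\.\d{1,3}\.\d{1,3}"
                        r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b")
DANGEROUS_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}
XSS_MARKER = "<xss-probe-1>"   # unlikely to occur naturally; verbatim reflection = no encoding

def split_url(url):
    """Return (url without its query string, dict of query parameters)."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", "")), dict(parse_qsl(p.query))

def fault_inject(send, url):
    """Inject a test string into each query parameter in turn and judge the response."""
    base, params = split_url(url)
    findings = []
    for name, value in params.items():
        # SQL injection probe: an appended quote must never surface a database error
        _, _, body = send("GET", base, {**params, name: value + "'"})
        if SQL_ERROR.search(body):
            findings.append(("SQL Injection", name))
        # XSS probe: the marker coming back unchanged means output is not HTML-encoded
        _, _, body = send("GET", base, {**params, name: XSS_MARKER})
        if XSS_MARKER in body:
            findings.append(("Cross-Site Scripting (XSS)", name))
    return findings

def application_checks(send, url):
    """Checks on one page: internal IP disclosure, unencrypted login, dangerous methods."""
    base, params = split_url(url)
    findings = []
    _, _, body = send("GET", base, params)
    for ip in sorted(set(PRIVATE_IP.findall(body))):
        findings.append(("Internal IP Address Disclosure", ip))
    # Unencrypted login: a form with a password field that submits over plain http
    for form in re.findall(r"<form\b[^>]*>.*?</form>", body, re.I | re.S):
        if 'type="password"' not in form.lower():
            continue
        action = re.search(r'action="([^"]*)"', form, re.I)
        target = urlsplit(action.group(1)) if action and action.group(1) else urlsplit(base)
        if (target.scheme or urlsplit(base).scheme) == "http":
            findings.append(("Unencrypted Login", target.geturl() or base))
    # Dangerous methods: whatever the server advertises in reply to OPTIONS
    _, headers, _ = send("OPTIONS", base, {})
    allowed = {m.strip().upper() for m in headers.get("Allow", "").split(",") if m.strip()}
    for method in sorted(allowed & DANGEROUS_METHODS):
        findings.append(("Dangerous Method", method))
    return findings

def scan(send, urls):
    """Run both check groups over every URL; findings are de-duplicated and sorted."""
    results = []
    for url in urls:
        results += fault_inject(send, url)
        results += application_checks(send, url)
    return sorted(set(results))

if __name__ == "__main__":
    for kind, detail in scan(mock_target, ["http://shop.example/item?id=7",
                                           "http://shop.example/search?q=shoes",
                                           "http://shop.example/login"]):
        print("%-32s %s" % (kind, detail))
```

Run as a script it prints the seven findings against the mock site. To point it at a real target you would replace `mock_target` with a function that performs the HTTP request (for example with `urllib.request`) and returns the same `(status, headers, body)` tuple. Note that the fault-injection probes, like a real scanner's Denial-of-Service and IDS checks, send input that can break or crash an application, so only run them against systems you are authorized to test.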
It can also perform these Server Checks:
* CGI, CGI-Bin & CGI-Local Folders
* CGI-Sys
* Common Files and Folders
* Common Server Vulnerabilities: Cisco IOS, ColdFusion, Domino, IIS, NCSA, FrontPage, FrontPage CGI
* Common Vulnerable Scripts: ASP, ASP .Net, PHP, JSP, Perl
* Compliance: SANS Top Twenty
* Database Disclosure
* Denial-of-Service
* IDS Testing
* Old/Backup Files: Common Backup Folders & Files
* Outdated Server Software
* Web-Based Backdoors
* WinCGI
Enough rambling! Download the tool from Syhunt's site. The latest version was released on May 13, 2009 and runs on Windows XP, 2003, 2008, Vista and 7.