Along with the features provided by the Web Vulnerability Scanner, advanced tools are also offered for penetration testers to extend automated testing and integrate with external tools, as well as tools to aid in testing the business logic of web applications.
Beyond Traditional Scanning
The integrated HTTP Editor is a useful tool to export HTTP requests from an automated crawl or scan, modify or craft HTTP requests, and analyze the web server’s response. With the integrated HTTP Sniffer, intercept, log and modify HTTP traffic sent to and from a web application on the fly using Traps, which support regular expressions. Extend manual HTTP traffic inspection by using captured traffic to build a custom crawl structure that can be used as part of an automated scan.
Fuzz HTTP requests to test validation and handling of invalid or random data using a variety of built-in fuzzers. Filter fuzzed HTTP requests with HTTP Fuzzer filters, which support regular expressions.
Export Blind SQL Injection vulnerabilities from automated scans, and perform automated database data extractions using the Blind SQL Injector.
Import manual crawl data from the built-in HTTP Editor, third-party tools such as Telerik Fiddler, PortSwigger Burp Suite, and HAR (HTTP Archive) files.