IronWASP - An Open Source Web Security Testing Platform

IronWASP is an open source, GUI-based web application security testing framework. It is designed to be highly customizable; you can even create your own custom security scanners using this platform.

Note: It requires .NET 2.0 SP2.


  • Powerful and effective scanning engine
  • Supports recording Login sequence
  • Reporting in both HTML and RTF formats
  • Checks for over 25 different kinds of well-known web vulnerabilities
  • False Positives detection support
  • False Negatives detection support
  • Industry leading built-in scripting engine that supports Python and Ruby
  • Extensible via plugins or modules in Python, Ruby, C# or VB.NET
  • Comes bundled with a growing number of Modules built by researchers in the security community:
    • WiHawk - WiFi Router Vulnerability Scanner.
    • XmlChor - Automatic XPATH Injection Exploitation Tool.
    • IronSAP - SAP Security Scanner.
    • SSL Security Checker - Scanner to discover vulnerabilities in SSL installations.
    • OWASP Skanda - Automatic SSRF exploitation tool.
    • CSRF PoC Generator - Tool for automatically generating exploits for CSRF vulnerabilities.
    • HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites.

IronWASP makes use of the following excellent Free/Open Source libraries:
  • FiddlerCore
  • IronPython
  • IronRuby
  • Jint
  • System.Data.SQLite
  • Html Agility Pack
  • ICSharpCode.TextEditor
  • Json.NET
  • DiffPlex
  • Be.HexEditor
  • DotNetZip
  • jsbeautifylib
  • Diff.cs


  • Performing Vulnerability Scans with IronWASP
  • Recording a Login Sequence to use in Vulnerability Scanning
  • Automatically Testing for CSRF Vulnerabilities using IronWASP
  • Automatically Testing for Broken Authentication with IronWASP
  • Automatically Testing for Hidden Parameters using IronWASP
  • Automatically Testing for Privilege Escalation Vulnerabilities using IronWASP
  • Hunting for DOM based Cross-site Scripting Vulnerabilities with IronWASP
  • Using IronWASP's built-in pre-configured browser to automatically intercept HTTP and HTTPS traffic
  • Using WiHawk - WiFi Router Vulnerability Scanner
  • Using XmlChor - XPATH Injection Exploitation Tool
