WATOBO - Web Application Security Auditing Toolbox
WATOBO is a security tool that allows you to perform highly efficient semi-automated web application security audits.
Features:
- It has session management capabilities: you can define login scripts as well as logout signatures, so you don’t have to log in manually each time you get logged out.
- It can act as a transparent proxy (requires nfqueue).
- It can perform vulnerability checks out of the box.
- It can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens.
- It supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
- It has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
- It is written in (FX)Ruby and enables you to easily define your own checks.
- It runs on Windows, Linux, macOS ... every OS supporting (FX)Ruby.
- It is free (licensed under the GNU General Public License Version 2).
HOW TO INSTALL WATOBO ON WINDOWS
If you already have a working Ruby installation, you can install WATOBO via 'gem':
c:\> gem install watobo
This might take some time ...
To start WATOBO, enter:
c:\> watobo_gui
HOW TO INSTALL WATOBO ON KALI LINUX
WATOBO is included in the official Kali Linux repo. You can install it with:
apt-get install watobo
Note: If you run into trouble with the package shipped with your Linux distribution, please check for alternative deb packages at SourceForge.
