Web Application Exploiter (WAppEx) 2.0

Written By mediana saputra on Wednesday, 6 February 2013 | 23:51

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

The Exploit Database contains the all the logic associated with trivial fingerprinting, exploitation techniques, and payloads that address a wide range of web application vulnerabilities with the emphasis being on high-risk and zero-day vulnerabilities.

Some of the vulnerabilities already bundled within the Exploit Database include Local File Disclosure (LFD), Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL Injection (SQLI), Remote OS Command Execution (RCE), and Server-side Code Injection (SCI). WAppEx can detect these vulnerabilities in a target, take full advantage of it, and through neatly designed payload codes get as much access to the exploited target as possible in as short a time as possible. Some of the payloads included within the database are various reverse shells, arbitrary code execution, command execution, arbitrary file upload…

Since all the attack logic rests in the form of scripts within the Exploit Database, it is easily extensible, flexible and updatable through community servers. Users, too, can add mature, sophisticated exploits and payloads in the same fashion. The database grows on a daily basis, and our dedicated team of research and development are working non-stop to maintain the richest, most up-to-date aggregate of exploits. The number of exploits is soon bound to surpass hundreds. Meanwhile, users can share their own created exploits and payloads with the community and contribute to this growing momentum.

The scripting language used to create new exploits and payloads is JavaScript with the addition of a few accessory objects and functions that automate daily penetration testing tasks and help integrate the script with the database. Using this feature, you can easily create and execute an exploit based on a newly discovered vulnerability.

WAppEx is also equipped with a penetration testing toolbox that makes an effective synergy with the Exploit Database and a crafty security expert. The provided tools include Manual Request, Exploit Editor, Dork Finder, Hidden File Checker… More tools, such as a crawler, a multi-purpose fuzzer… are to be added to the arsenal in the future releases of WAppEx.

Still, keep your eyes peeled as this is just the beginning of a new, powerful war machine in the pentest battleground.

The full list features is as below:
An exploit database covering a wide range of vulnerabilities.
A set of tools useful for penetration testing:
Manual Request
Dork Finder
Exploit Editor
Hidden File Checker
Neighbor Site Finder
Find Login Page
Online Hash Cracker
Execute multiple instances of one or more exploits simultaneously.
Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
Test a list of target URL’s against a number of selected exploits.
Allows you to create your own exploits and payloads and share them online.
A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
Testing and exploiting of Local File Inclusion vulnerabilities
Testing and exploiting of Local File Disclosure vulnerabilities
Testing and exploiting of Remote File Inclusion vulnerabilities
Testing and exploiting of SQL Injection vulnerabilities
Testing and exploiting of Remote Command Execution Inclusion vulnerabilities
Testing and exploiting of Server-side Code Injection vulnerabilities

WAppEx 2.0, like its predecessor, has only been released a free trial. Click the download links below to download WAppEx 2.0, ITSecTeam End-User License Agreement, and the registration license file.


Download WAppEx End-User License Agreement
Download WAppEx 2.0
Download License File

Enter ITSecTeam as the license name during registration.

Share this article :

Post a Comment

Support : Creating Website | Johny Template | Mas Template
Copyright © 2011. Turorial Grapich Design and Blog Design - All Rights Reserved
Template Created by Creating Website Published by Mas Template
Proudly powered by Blogger