A tool for automated security scanning of web applications.

Some features:
- unified GUI
- command line mode
- support for AMF
- saving and loading scan configurations
- proxy-only mode
- search engine recon test module
- automatic file-not-found profiles
- HTML form baseline module
- proxy request intercepts
- test for cross-site tracing
- parses robots.txt, requests all discovered paths, and reports disallowed paths
- lists all HTML and/or JavaScript comments