Acunetix web security tool, is a web utility security software, now turning in guide Pen trying out gear for free of charge. Penetration testers can make use of an HTTP Editor to alter or craft HTTP requests and examine responses; intercept and modify HTTP visitors at the fly the use of the included HTTP Sniffer; fuzz take a look at HTTP requests the use of the HTTP Fuzzer and check Blind sq. Injection vulnerabilities further the usage of the Blind sq. Injector, among others.
Features
HTTP Editor: lets in you to create, analyze and edit patron HTTP requests; as well as inspect server responses. It also includes an encoding and decoding tool to encode/decode text and URL’s to MD5 hashes, UTF-7 and different formats.
HTTP Sniffer: A proxy that permits you to investigate HTTP requests and responses, and edit those even as they’re in transit. The HTTP sniffer can also be used to manually move slowly a website, and use the manual crawl to seed an Acunetix test.
HTTP Fuzzer: A device which allows you to mechanically ship a huge wide variety of HTTP requests which includes invalid, unexpected and random facts to a internet site, to check input validation and dealing with of invalid data with the aid of the net software.
Blind square Injector: an automated database records exfiltration tool. By using the use of Blind square injection vulnerabilities observed when scanning a internet site, it’s far feasible to demonstrate the critical effect a Blind sq. injection vulnerability will have at the website. Used to enumerate databases, tables, fields and dump records from the inclined net software.
Subdomain Scanner: Scans a pinnacle-level domain to find out subdomains configured in its hierarchy, by means of using the target area’s DNS server, or another DNS server specified by the consumer. While scanning, this device will also automatically pick out and tell the person if the area being scanned is using some type of wildcard characters, which include *.domain.com.
Target Finder: An IP variety / port scanner which may be used to discover walking web servers on a given IP or within a distinct variety of IPs. The list of ports on which the net servers are listening also can be configured. The default ports the scanner will scan are port eighty for HTTP and port 443 for SSL.
Authentication Tester: Used to test the energy of both usernames and passwords within HTTP and net bureaucracy authentication environments through a dictionary attack.