WebReaver 0.1

WebReaver is an elegant web application security testing tool for Mac OS X.
Latest version: 0.1.0
Developer: Websecurify
Download: 59.3 MB
Demo
Used by 6 people
Awards: Mac Informer Editor Rating 5

WebReaver is a testing toolkit that detects different types of vulnerabilities in web-based applications. It can find high-risk problems such as SQL injection, command injection, cross-site scripting and expression injection. It can also alert you to less serious issues, like information leakage and header problems.

The application has a modern, beautiful interface. Tabs let you open the component tools separately. Scanner opens by default and scans the desired web application for vulnerabilities in a series of scenarios. It supports unlimited scans and runs over 60 generic tests. Another available tool is Fuzzer, which serves similar purposes but uses brute-force and fuzz-testing techniques. Once the results are ready, you can get detailed reports of all the issues found. Unfortunately, the app does not seem to provide solutions or patches to fix the problems found.

WebReaver uses a powerful testing engine, called Sparta, to find vulnerabilities. It also uses a unique reporting system to avoid reporting nonexistent issues. Still, false positives may occur.

All in all, WebReaver seems perfect for security consultants. Although a combination of manual and automated analysis is usually required, this tool can certainly facilitate your work by doing the automated part. Fortunately, the app is free for non-commercial purposes. However, if you intend to use it for any profitable activity, you need to buy the Commercial license.

Pedro Castro, Senior editor

Review summary

Pros

  • Detects a wide range of vulnerability types
  • Powerful testing engine
  • Utilizes brute-force and fuzz-testing techniques
  • Unlimited number of scans

Cons

  • Not false-positive free
  • Does not seem to provide solutions
