SandCat The Web Scanner v4.2 released with new Enhancements
This Article is (c) VulnerabilityDatabase.com. [divider /]
Sandcat combines Syhunt’s state-of-the-art, multi-process scanning technologies with the incredibly fast Lua language to perform remote web application security scans. While spidering a web site and hunting vulnerabilities, Sandcat emulates a modern, HTML 5-aware web browser, making sure every web application gets fully tested.
Sandcat is focused on finding security flaws in web applications.
- Black-Box Testing – Assess the web application security through remote scanning. Supports any web server platform.
- White-Box Testing – By automating the process of reviewing the web application’s code, Sandcat’s code scanning functionality can make the life of QA testers easier, helping them quickly find and eliminate security vulnerabilities from web applications. Supports ASP, ASP.NET, PHP & JSP.
- Concurrency/Scan Queue Support – Multiple security scans can be queued and the number of threads can be adjusted.
- Deep Crawling – Runs security tests against web pages discovered by crawling a single URL or a set of URLs provided by the user.
- Advanced Injection – Maps the entire web site structure (all links, forms, XHR requests and other entry points) and tries to find custom, unique vulnerabilities by simulating a wide range of attacks/sending thousands of requests (mostly GET and POST). Tests for SQL Injection, XSS, File Inclusion and many other web application vulnerability classes.
- Reporting – generates a report containing information about the vulnerabilities. After examining the application’s response to the attacks, if the target URL is found vulnerable, it gets added to the report. Sandcat’s reports also contain charts, statistics and compliance information. Syhunt offers a set of report templates tailored for different audiences.
- Local or Remote Storage – Scan results are saved locally (on the disk) or remotely (in the Sandcat web server). Results can be converted at any time to HTML or multiple other available formats.
- In addition to its GUI (Graphical User Interface) functionalities, Sandcat offers an easy to use command-line interface.
Syhunt unveils new enhancements to Sandcat 4
We are proud to announce that Sandcat 4.2 is finally out and it contains a powerful set of enhancements. The user interface we unveil today comes with a built-in pen-test oriented web browser, new configuration screens, a more flexible extension system, among other enhancements that make Sandcat both more user friendly to all users and comprehensive when it comes to helping security professionals perform manual tests. Please find all major improvements below.
What’s New in Sandcat Pro (4.2)
- Built-in web browser – Sandcat’s browser comes with a set of features that is particularly useful for pen-testers and code reviewers, such as CatSense™ (which offers instant page analysis information), gray box analysis, request editing/replay capabilities, manual crawling, spider cache integration, and uses Google’s Chromium, the same engine that powers the Chrome browser, to display web pages.
- New UI extensions system – We expanded the use of the Lua language in Sandcat 4.2. Sandcat’s new user interface extensions are mainly HTML and Lua-based, making it very easy to build user extensions.
- New SQL Injection checks and other checks – The 4.2 database includes a set of Blind SQL Injection checks covering several types of databases. Since the 4.0 release last year we added to Sandcat 2488 new checks for vulnerabilities affecting known web applications, and several checks for SQL Injection (Error-Based & Blind), XSS, File Manipulation, File Inclusion, HTTP Response Splitting (HRS) and Command Execution vulnerabilities aimed at custom web applications.
- Design and usability enhancements – Sandcat 4.2 includes new, redesigned configuration screens, reorganized toolbars, and a new and more intuitive way to start scans (see screenshots here).