Jsky - a free Web Application Scanner

A new free Web application Scanner is out, from the same author of Pangolin (a good SQL Injection tool). The scanner looks pretty solid and complete for an alpha version; the list of checks is the following:

  • SQL Injection
  • XSS
  • Unsecure object using
  • Local path disclosure
  • Unsecure directory permissions
  • Server vulnerabilities like buffer overflow and configure error
  • Possible sensitive directories and files scan
  • Backup files scan
  • Source code disclosure
  • Command Execute
  • File Include
  • Web backdoor
  • Sensitive information
  • And so much more......
It also claims  that also exploits the vulnerabilities, but i didn't try that option yet.

Here is a screenshot of the tool in action:

You can download it from here


2 comentarios:

Kinunt said...

The link to JSky in your blog points to a RAR file. When uncompressed AVG detects an IRC/Trojan, is it a false alarm or is it infected?

Kinunt said...

The RAR file that is pointed by a link in your blog to the JSky scanner seems to be infected by a IRC/Trojan detected by AVG, is it right or is it a false alarm?