Codesake::Dusk - the end of web applications security issues
dusk is a dynamic analysis tool that spots security issues in websites. It was born from a bunch of Ruby code snippets I wrote to automate my daily job, so I gathered them together in the hope you'll find them useful too.
YADAST?
The security market is full of both commercial and open-source dynamic testing tools that help people automate some steps of a web application penetration test. dusk is something useful for me that I want to share with you in case you eventually find it useful too.
Features
Test | Description | Release time |
---|---|---|
robots.txt parsing | ||
url discovery with bruteforce | ||
ssl connection evaluation | ||
login form bruteforce | ||
XSS discovery | ||
cookie testing | ||
http verb evaluation | ||
site crawling | ||
detect old and backup files | ||
CMS fingerprint | ||
information gathering using search engines | ||
Installation
Add this line to your application's Gemfile:
gem 'codesake-dusk'
And then execute:
$ bundle
Or install it yourself as:
$ gem install codesake-dusk
Usage
TODO: Write usage instructions here
Contributing
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request