Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated (e.g. use a different random per request HTTP proxy server). It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).
Comments