SandCat is a security assessment tool for detecting holes and vulnerabilities
in websites and Web apps. Before scanning, it automatically detects the server
configuration and determines the set of tests to be performed on the specified
Web app. Other than scanning, it can do log analysis and security hardening of
Web servers. It also lets you perform specific scans for vulnerabilities such as
Blind SQL Injection, Cross-Site Scripting, Directory Traversal, SANS Top 20, and
OWASP Top 10 vulnerabilities. Once the scan ends, SandCat mails the results
instantly.

When we tried the software on an online Web app, it performed quite well; it
managed to detect 56 vulnerabilities and also identified some potentially
vulnerable scripts running on the Web app. The catch here is that it runs only
on Windows.

You can get a real-time view of all vulnerabilities being detected, the checks being performed, and the time left for the scan to end.

After the scan, you can view the reports, which give details of the threats detected along with their exact location.

From the 'Advanced' menu, you can see the actual request sent by SandCat and the actual response received.