WATOBO – THE WEB APPLICATION TOOLBOX

by do son · Published · Updated

WATABO is a security tool for testing web applications. It is intended to enable security professionals to perform efficient (semi-automated) web application security audits.

Most important features:

  • WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
  • WATOB can act as a transparent proxy (requires nfqueue)
  • WATOBO can perform vulnerability checks out of the box
  • WATOBO can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens
  • WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easily define your own checks
  • WATOBO runs on Windows, Linux, MacOS … every OS supporting (FX)Ruby
  • WATOBO is free software ( licensed under the GNU General Public License Version 2)
  • It’s by siberas 😉

Installation

Installation on Windows

If you already have a running ruby installation, you can install watobo via 'gem'

c:\> gem install watobo 

This might take some time ... 



To start watobo enter

c:\> watobo_gui 



Installation on Kali Linux



apt-get install watobo

More info and tutorial, please visit here.

Tags: watoboweb pentestwebapp pentest