Detailed Web Application Scanner Information - WATOBO

Logo	Scanner	Version		Vendor
	WATOBO	0.9.19		Andreas Schmidt

Tested Against WAVSEP Version:

1.5

Product Details:

Accurate Version	License / Technology	Last Update	Source Code Activity
0.9.19 (GA)	GPL2 Ruby 1.9.x	21-11-2013	21-11-2013 Source Code

General Features:

GUI	Config	Usage	Stability	Performance	Report	ScanLog	Pause	Session
	Very Simple	Very Simple	Unstable	Fast

Authentication, Control and Connection Features:

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

Coverage Features:

C
O
U
N
T

Manual
Crawl

URL
File

Html
Crawler

Ajax
Crawler

Flash
Crawler

Applet
Crawler

Silverlight
Crawler

WSDL
Crawler

REST
Crawler

Field
Autofill

Smart
Autofill

Anti
CSRF
Support

Viewstate
Support

CAPTCHA
Bypass

WAF
Bypass

Input Vector Support:

C
O
U
N
T

G
E
T

P
O
S
T

C
O
O
K
I
E

H
E
A
D
E
R

S
E
C
R
E
T

P
N
a
m
e

X
M
L

X
m
l
A
T
T

X
m
l
T
A
G

J
S
O
N

.
N
e
t
E
N
C

A
M
F

J
a
v
a
S
E
R

.
N
e
t
S
E
R

W
C
F

W
C
F
-
B
i
n

W
e
b
S
o
c
k

D
W
R

C
u
s
t
o
m

Audit Features:

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

Complimentary Audit Features:

WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
				SQLmap Integration (exploitation), SSL Checker, FileFinder, CGIScanner (Catalog scanner), Fuzzer, Shell (Wshell), XML Parser (for manual testing), HexViewer, Supports Anti-CSRF-Tokens / Detect One-Time-Token, Login/Logout Detection & Scripts.

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy

Chart

83.09% Detection Rate
60.00% False Positives

(113/136)
(6/10)

The Reflected XSS Detection Accuracy of the Scanner:

Detection Accuracy

Chart

75.76% Detection Rate
100.00% False Positives

(50/66)
(7/7)

The Path Traversal / Local File Inclusion Detection Accuracy of the Scanner:

Detection Accuracy

Chart

41.18% Detection Rate
0.00% False Positives

(336/816)
(0/8)

The WIVET Score of the Scanner:

WIVET Score

Chart

1.00% Detection Rate

Additional Audit Features:

Fuzzer, various SAP & JBoss tests (unique feature!), Source Code Disclosure (ASP Snippets, etc), Siebel Checks, .NET Checks for well-known files, Lotus domino DB enumeration, Unencrypted password transmissions, Session related issues, Web server hardening, Autocomplete (passive).

Additional Features:

SQLmap Integration (exploitation), SSL Checker, FileFinder, CGIScanner (Catalog scanner), Fuzzer, Shell (Wshell), XML Parser (for manual testing), HexViewer, Supports Anti-CSRF-Tokens / Detect One-Time-Token, Login/Logout Detection & Scripts.

Overview:

None