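JSky is another powerful web application vulnerability scanner released by ZwelL, following Pangolin. Public testing of the JSky beta started a while ago, but I had never used it; I tried it recently and it feels pretty good. It is a lightweight web application scanner, much smaller than WVS, AppScan and WebInspect.

Below is the content published on nosec: http://www.nosec.org/web/jsky

Last updated: alpha 20080915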

Version : 1.0.0 beta (2008.09.15)

What is JSky?

JSky is a Windows-based GUI Web Application Vulnerability Scanner, which is totally FREE. ; )

What can JSky do?

Ok, I don’t wanna say anything again and again, it’s a vulnerability scanner, so it can scan these vulnerabilities:

  • SQL Injection
  • XSS
  • Insecure object usage
  • Local path disclosure
  • Insecure directory permissions
  • Server vulnerabilities like buffer overflows and configuration errors
  • Possible sensitive directories and files scan
  • Backup files scan
  • Source code disclosure
  • Command execution
  • File inclusion
  • Web backdoor
  • Sensitive information
  • And so much more……

And there is another thing I wanna say: actually, JSky is not only a scanner, but also an EXPLOIT. ; )

Why should I use JSky?

Look at these features and benefits, I think you will love it right away:

  • Powerful multi-threaded web spider that crawls hundreds of thousands of pages with ease and also supports extracting links from JavaScript and Flash.
  • Advanced and in-depth SQL injection. You may have heard about Pangolin. Yes, I use its engine, so it can detect these vulnerabilities exactly, unlike others which use the method of pattern matching. Databases include Oracle, MSSQL, MySQL, Informix, DB2, Access, SQLite, Sybase, PostgreSQL and some others.
  • Modular design of the vulnerability scanner, so everybody can code and share their modules.
  • XML-based vulnerability files and an integrated Web vulnerability executive parser, which means you can design a vulnerability just by editing the XML file, with no need to code any program.
  • It’s totally FREE.

Who should use JSky?

Well, I think the people who would like to use JSky include, without limitation:

  • Penetration tester
  • Website administrator
  • Security technology enthusiast
  • Even a Hacker?

Support JSky

If JSky is useful to you, it’ll be very nice of you to support it by giving me some advice or a donation. For more information, please check http://www.nosec.org/web/contributions

Download

Now, it is an alpha version, please wait a few days, thank you ;)

You can download it from the following links:

http://down2.nosec.org/jsky.rar Thanks very much to www.gipsky.com for hosting the download.

http://down3.nosec.org/jsky.rar Thanks very much to www.pcxcode.cn for hosting the download.

ScreenShot

  • Why are there so many contents that do not actually exist?
    Maybe the target has defined a custom 404 page. You can detect this situation on the “Other configuration” tab page in the scan wizard: click the “Auto” button.