WATOBO
WATOBO is a semi-automated web application scanner designed for efficient security audits. It operates as a local web proxy to facilitate detailed testing.
Description
WATOBO enables security professionals to perform highly efficient semi-automated web application security audits. As a local web proxy, it intercepts and analyzes web traffic, allowing for targeted vulnerability detection and testing.
The tool is particularly useful for professionals conducting in-depth assessments of web applications, providing a balance between automation and manual control. It loads various configuration files and modules to support different scanning policies and scopes.
WATOBO relies on Ruby-based dependencies and supports loading active modules for specific vulnerability checks, though some modules may show initialization warnings during startup.
How It Works
WATOBO functions as a local web proxy, intercepting HTTP traffic between the client and target web application. It loads configuration files from /usr/share/watobo/config/ for datastore, forwarding proxy, general settings, GUI, interceptor, OTT cache, scan policy, scanner, scope, and SID cache. The tool uses FXRuby for its interface and attempts to load active modules for vulnerability detection, such as RoR and SAP modules, though some may encounter initialization issues.
Installation
sudo apt install watobo
Examples
watobo -h
watobo
sudo apt install watobo
watobo --help
watobo -?
watobo --version