Sandcat combines Syhunt's state-of-the-art, multi-process scanning technologies with the incredibly fast Lua language and Chromium to perform remote web application security scans. While spidering a web site and hunting for vulnerabilities, Sandcat emulates a modern, HTML5-aware web browser, making sure every web application gets fully tested.
Sandcat is focused on finding security flaws in web applications.
Black-Box Testing - Assess the web application security through remote scanning. Supports any web server platform.
White-Box Testing - By automating the process of reviewing the web application's code, Sandcat's code scanning functionality can make the life of QA testers easier, helping them quickly find and eliminate security vulnerabilities from web applications. Supports ASP, ASP.NET, PHP & JSP.
Concurrency/Scan Queue Support - Multiple security scans can be queued and the number of threads can be adjusted.
Deep Crawling - Runs security tests against web pages discovered by crawling a single URL or a set of URLs provided by the user.
Advanced Injection - Maps the entire web site structure (all links, forms, XHR requests and other entry points) and tries to find custom, unique vulnerabilities by simulating a wide range of attacks, sending thousands of requests (mostly GET and POST). Tests for SQL Injection, XSS, File Inclusion and many other web application vulnerability classes.
Reporting - Generates a report containing information about the vulnerabilities found. After examining the application's response to the attacks, if the target URL is found vulnerable, it is added to the report. Sandcat's reports also contain charts, statistics and compliance information. Syhunt offers a set of report templates tailored for different audiences.
Local or Remote Storage - Scan results are saved locally (on the disk) or remotely (in the Sandcat web server). Results can be converted at any time to HTML or multiple other available formats.
In addition to its GUI (Graphical User Interface) functionality, Sandcat offers an easy-to-use command-line interface.
The Pro version of Sandcat includes all the standard features plus:
Graphical User Interface
Sandcat Browser -- A pen-test oriented multi-tabbed web browser with extensions support.
Full SandcatCS -- Full version of the Sandcat Console application and complementary utilities such as SesmanCS.
Session Resume Support -- Ability to stop and later resume a scan session. It works for all scan methods and target options.
Full Vulnerability Info -- Full vulnerability information and references - CVE, NVD, CWE, Bugtraq &a