| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 04 Aug 2011 10:35:17 -0400
From: Valdis.Kletnieks@...edu
To: Context IS - Disclosure <disclosure@...textis.co.uk>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
"webappsec@...urityfocus.com" <webappsec@...urityfocus.com>,
"owasp-all@...ts.owasp.org" <owasp-all@...ts.owasp.org>,
"websecurity@...appsec.org" <websecurity@...appsec.org>
Subject: Re: CAT Version 1 Released - Web App Testing Tool
On Thu, 04 Aug 2011 01:45:16 BST, Context IS - Disclosure said:
> CAT is a tool for manual web application penetration testing and includes t he following features:
Sounds at least potentially interesting. A few questions:
> - CAT uses Internet Explorer's rendering engine for accurate HTML representation
Is this optional/switchable? Might be nice to *not* use the actual IE render
engine if you're working on serving up a client-side exploit via XSS - that would
be shooting yourself in the foot then. ;)
> - MONO Support for Linux and OSX (Currently in Beta).
What render engine does it use for Linux/OSX? Or is this referring to using
MONO to talk from a Windows test box to a Linux/OSX target?
> - It is totally free!
What license?
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists