From: Gonzalo Álvarez Marañón (gonzalo instisec.com)
Date: Tue Feb 19 2002 - 04:45:54 CST
WASAT v1.0 beta (Web Authentication Security Analysis Tool) is a Win32 application designed for the assessment of the security of these two authentication mechanisms, namely Basic Authentication and Forms-Based Authentication.

WASAT is able to mount dictionary and brute force attacks of varying complexity against the target Web site. Password files can be easily configured to perform exhaustive searches. In order to improve speed, some useful techniques have been implemented: use of HEAD verb when possible, user-configured number of sockets running in parallel, comparison of content length instead of content string, etc.

This tool is intended for Web site administrators, to aid them in the task of evaluating the security of their applications. Assisted by this tool, they will be able to detect poor passwords, to stress-test the login application when hundreds or thousands of users are trying to authenticate simultaneously, to verify the correct operation of blocking mechanisms after a number of failed login attempts, and to improve and tune their protection mechanisms to detect brute force attacks aimed at cracking valid user credentials.

DOWNLOAD
The program can be downloaded from the following URL: http://www.instisec.com/publico/descargas/
See the help file included in the package for instructions on how to use the program.

FEEDBACK
This is a beta version. Bug reports, comments and suggestions are welcome at gonzalo instisec.com.

Gonzalo Alvarez
Instituto para la Seguridad en Internet
C/ Rafael Bergamin, 20 Bajo-2 Local 2
28043 Madrid
Spain
Tel: (34) 91 415 58 47
Fax: (34) 91 510 05 57
E-mail: gonzalo instisec.com
WWW: www.instisec.com
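
A defender-side check for the blocking and detection mechanisms the announcement mentions, as an added example that is not part of the original message or of WASAT: it flags clients whose 401 responses burst inside a short window and reports how many of them answered HEAD requests. The log lines, addresses, path, threshold and window are constructed assumptions, and the log is assumed to be in Common Log Format and chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "METHOD path proto" status size
CLF = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample input (documentation-range addresses, invented path).
SAMPLE_LOG = [
    f'192.0.2.10 - admin [19/Feb/2002:10:00:0{s // 2} +0000] "HEAD /private/ HTTP/1.0" 401 -'
    for s in range(8)
] + [
    '198.51.100.7 - alice [19/Feb/2002:10:00:02 +0000] "GET /private/ HTTP/1.0" 401 401',
    '198.51.100.7 - alice [19/Feb/2002:10:00:09 +0000] "GET /private/ HTTP/1.0" 200 5120',
]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {client_ip: details} for clients whose 401 responses reach
    `threshold` inside any sliding `window` (assumed tuning values)."""
    recent = defaultdict(deque)    # ip -> timestamps of 401s still in the window
    head_401 = defaultdict(int)    # ip -> 401s that answered HEAD requests
    total_401 = defaultdict(int)   # ip -> all 401s seen
    alerts = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue               # ignore lines that are not CLF
        ip, _user, ts, method, path, status = m.groups()
        if status != "401":
            continue               # only failed authentications count
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        total_401[ip] += 1
        head_401[ip] += method == "HEAD"
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"first_alert": when, "path": path}
    for ip, info in alerts.items():
        info["failures"] = total_401[ip]
        info["head_ratio"] = head_401[ip] / total_401[ip]
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A high `head_ratio` on 401 responses is worth alerting on by itself, since browsers authenticating interactively send GET or POST rather than HEAD.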