Hello all and happy holidays!
As a gift that will keep on giving, we at Ecsypno wanted to brighten your every-day worklife from here on out!
Nothing makes or breaks a manual pentest like proper, thorough reconnaissance notes, agreed?
However, going over every characteristic of a web application by hand and taking notes is a hell of a tedious process, and I can't imagine everyone's favorite.
Well, fret no longer! Codename RKN to the rescue.
Codename RKN, in essence, performs an inside out analysis of a web application based on its inputs/outputs and presents that data in a beautiful and context-full fashion.
You can even get a view into the runtime JavaScript environment in cases where there is JS activity for an input!
In addition, that data can be exported in JSON format, ready to be consumed by your next favorite tool.
Give it a shot and let it handle half the load of a manual pentest.
Cheers!
- Tasos L.