Hello all,

There is a new release of Codename SCNR, v1.7.0, and it includes some really spectacular updates. Let's dive in.

The Introspector

The Introspector is middleware that you use in your web application in order to provide immense context to identified issues:

- Execution flow: which parts of the web application code were executed.
  - File paths
  - Source code
  - Methods/functions
- Data flow: which parts of the web application the audit payloads traversed through.
  - File paths
  - Source code
  - Methods/functions
    - Arguments at the time.
    - Source code for those methods.
- Backtrace.

Hunting down issues just became easier than ever. In addition, armed with...
Hello all,

I'd like to introduce to you the upcoming addition to Ecsypno's product line: Codename RKN

Codename RKN is an automated WebApp I/O behavioral analysis (for reconnaissance and threat modelling) tool -- i.e. a penetration tester's best friend. It is your manual webapp pentest assistant, allowing you to keep track of a Web application's attack surface as well as your progress traversing through it.

Core functionality

- Server-stack identification.
- Identify the number and types (link, form, cookie etc.) of inputs.
- Identify input characteristics, e.g.:
  - Data sinks -- data lands in:
    - HTML – reflected
    - HTTP response headers – reflected
    - JS runtime
  - Whether or...