News — javascript

Hello all and happy holidays! As a gift that will keep on giving, we at Ecsypno wanted to brighten your every-day worklife from here on out!   Nothing makes or breaks a manual pentest like proper, thorough reconnaissance notes, agreed? However, going over every characteristic of a web application by hand and taking notes is a hell of a tedious process, and I can't imagine everyone's favorite.   Well, fret no longer! Codename RKN to the rescue.   Codename RKN, in essence, performs an inside out analysis of a web application based on its inputs/outputs and presents that data in...

Hello all, I would like to introduce to you the new addition to Ecsypno's product line: Codename RKN Codename RKN is the first comprehensive WebApp attack surface mapper. It can help save countless hours from your daily duties by providing amazing insight into a web application's behavior and inner workings. It utilizes DAST and client-side IAST techniques to monitor everything about a black-box and presents its I/O characteristics in an approachable form. Codename RKN digs deep and will let you know how to prepare your penetration test approach for each web application based on how it processes its inputs and...

Hello all, I'd like to introduce to you the upcoming addition to Ecsypno's product line: Codename RKN Codename RKN is an automated WebApp I/O behavioral analysis (for reconnaissance and threat modelling) tool -- i.e. a penetration tester's best friend.It is your manual webapp pentest assistant, allowing you to keep track of a Web application's attack surface as well as your progress traversing through it. Core functionality Server-stack identification. Identify amount and types (link, form, cookie etc.) of inputs. Identify input characteristics, ex.: Data sinks -- Data lands in: HTML – reflected HTTP response headers – reflected JS runtime Whether or...