Gain back your time.
Core functionality
- Server-stack identification.
- Identify the number and types (link, form, cookie, etc.) of inputs.
- Identify input/output characteristics.
- Data sinks (HTTP, HTML, DOM, JS)
- Active and inactive server-side inputs.
- Active and inactive client-side inputs.
- Parallel webapp scans.
- Multi-role scans.
- More to come...
Unrestricted functionality
Unrestricted functionality leading to cost-effectiveness:
- Unrestricted target domains
- Unrestricted scans (parallel too)
- Unrestricted pages
- Unrestricted scan time
No need to pay more the more you scan: the more you scan, the more you secure and the less you waste.
You are encouraged to make full use of your hardware at no additional cost.
Start as many parallel scans as your machines can handle and scan all that you need, for as long as you need!
Flexible deployment
- CLI scanner utilities, for terminal availability.
- WebUI, for ease of use.
Bleeding edge technology
Backed by Google Chrome, Codename RKN is on the bleeding edge of support for modern web applications.
- JavaScript/DOM/HTML5/AJAX.
- Tracing of data and execution flows of DOM and JavaScript environments.
- Extra tracing optimizations for common JavaScript frameworks.
With Codename RKN's client-side IAST/DAST hybrid approach, web applications are no longer black boxes.
Intelligent
On-the-fly adaptation to each web application, down to the single input.
Analysis of each resource individually, which in turn allows for tailoring each request to the technologies being used, as well as the behavioral characteristics of each individual input vector.
High performance
Highly detailed, well-structured report
JSON report, including an abundance of context for easy reproduction and verification of identified I/O entries.
Articles
Script your DOM XSS exploitation workflow
Hello all, I wanted to share some Codename SCNR scripting kung-fu with you. This is something you can use post-scan,...
The Arachni Chronicles
A story of curiosity, experimentation, development, million euro deal, fraudsters, abandonment and revitalization. From the inception of the F/OSS Arachni...
Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications
Some very interesting technology was presented a few days ago in the following articles: Following the data: Taint-tracing in the...