Webfigh is a tool for manual analysis of web application security.
The tool parses Burp (http://portswigger.net/burp/download.html) logs, runs a series of tests, and presents notes for an expert to analyze:
- List all requests and parameters for fuzzing and data validation tests;
- Show all JavaScript files and perform syntax analysis;
- Show all Flash files, disassemble them and grep for potential vulnerabilities;
- Analyze all headers and perform fingerprinting;
- Validate security headers (CSP, HSTS, X-Frame-Options);
- Create the CSRF PoC for all requests;
- And much more ... Make your module ...
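
To illustrate the kind of check the security-header item in the list above describes, here is an added example; it is not Webfigh's own code and does not use its module interface. The function names, the sample response and the 180-day HSTS threshold are assumptions made for this example.

```python
import re

# Constructed sample response (not from Webfigh or a real Burp log).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=3600\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'unsafe-inline'\r\n"
    "\r\n<html></html>"
)
MIN_HSTS_AGE = 15552000  # 180 days; threshold assumed for this example

def parse_headers(raw):
    """Return {lowercased name: value} from the header block of a raw response."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    headers = {}
    for line in head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def check_security_headers(raw, https=True):
    """Return findings for HSTS, CSP and X-Frame-Options, in that order."""
    h, findings = parse_headers(raw), []
    hsts, csp, xfo = (h.get(k) for k in ("strict-transport-security",
                      "content-security-policy", "x-frame-options"))
    if hsts is None:
        if https:  # HSTS is only honoured over HTTPS
            findings.append("HSTS: header missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m:
            findings.append("HSTS: no max-age directive")
        elif int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS: max-age below %d" % MIN_HSTS_AGE)
    if csp is None:
        findings.append("CSP: header missing")
    else:
        for token in ("'unsafe-inline'", "'unsafe-eval'"):
            if token in csp.lower():
                findings.append("CSP: allows %s" % token)
    # frame-ancestors in CSP is the modern replacement for X-Frame-Options
    if xfo is None:
        if csp is None or "frame-ancestors" not in csp.lower():
            findings.append("X-Frame-Options: missing, no frame-ancestors")
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: value is not DENY or SAMEORIGIN")
    return findings
```
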
Watch Demo:
http://www.youtube.com/watch?v=-xXdoWilR6M&feature=player_embedded