I'm working through an eval of the scanner right now. It looks like some thought has gone into how it finds files and extensions. (There's a README-FIRST in the /dictionaries directory that explains this in detail.) However, I noticed some artifacts in my logs that point to some interesting beta-goodness behavior. For example:
GET /xmlrpc.php?tar.gz.cpp HTTP/1.1
So, it looks like the scanner found the xmlrpc.php but then started getting confused when it came to arguments versus file extensions.
I'm still testing and hopefully will have time to compare it to WebInspect and AppScan for those interested.
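As an added illustration of the mix-up described above (this is example code written for this page, not the scanner's own logic): a request target is split at the first '?', so anything after it is a query string and can never be part of the file name. The helper below parses request lines like the one quoted, flags the ones where an extension-looking token landed in the query, and shows the path-only variants a file-discovery probe would normally request. The sample lines other than the quoted one, and the "chain of short dotted tokens" heuristic, are assumptions made here.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample request lines. The first is the line quoted in the post;
# the rest are made up here to show the contrast.
SAMPLE_REQUESTS = [
    "GET /xmlrpc.php?tar.gz.cpp HTTP/1.1",   # extension token ended up in the query string
    "GET /xmlrpc.php.bak HTTP/1.1",          # backup-file probe, extension appended to the path
    "GET /xmlrpc.tar.gz HTTP/1.1",           # extension swapped on the path
    "GET /xmlrpc.php?id=1 HTTP/1.1",         # genuine parameter, not a probe
]

# Heuristic (assumed here): a chain of short dotted tokens with no '='
# (e.g. "tar.gz.cpp") looks like an extension list, not a query string.
EXT_CHAIN = re.compile(r"^[A-Za-z0-9]{1,6}(\.[A-Za-z0-9]{1,6})*$")


def parse_request_line(line):
    """Split 'METHOD target VERSION', then split the target at '?'.
    Everything after '?' is the query string; it cannot be part of a file name."""
    method, target, _version = line.split(" ", 2)
    parts = urlsplit(target)
    return method, parts.path, parts.query


def classify_probe(line):
    """Describe one request line: the path, its real suffixes, and any
    extension-looking token that the client put in the query instead."""
    _method, path, query = parse_request_line(line)
    suffixes = PurePosixPath(path).suffixes
    misplaced = query if (query and "=" not in query and EXT_CHAIN.match(query)) else None
    return {"path": path, "suffixes": suffixes, "misplaced": misplaced}


def misplaced_probes(lines):
    """Log-triage helper: return the request lines showing the mix-up."""
    return [line for line in lines if classify_probe(line)["misplaced"]]


def extension_variants(path, extensions):
    """Variants a file-discovery scanner would request for a found path:
    extension appended (x.php.bak) and extension replaced (x.bak).
    Extensions are mutated on the path component only, never after '?'."""
    p = PurePosixPath(path)
    stem = p.name[: -len(p.suffix)] if p.suffix else p.name
    parent = str(p.parent).rstrip("/")
    appended = [f"{parent}/{p.name}{ext}" for ext in extensions]
    replaced = [f"{parent}/{stem}{ext}" for ext in extensions]
    return appended + replaced


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(classify_probe(line))
    print(extension_variants("/xmlrpc.php", [".bak", ".tar.gz"]))
```

Running it over a real access log, only the first sample line is reported by misplaced_probes; the "?id=1" request is left alone because the '=' marks it as a real parameter.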