- Automated SQL Injection Detection
- Web Site Crawling (guaranteed not to crawl sites other than the one being tested)
- Login form brute forcing
- Automated overflow detection
- Automated directory traversal detection
Not all web applications are built in the same way, and hence many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL injection and cross-site scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.
Note that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux; this is included in the Windows distribution.
SPIKE is a fairly mature tool, having been around since about 2003. We at Darknet use SPIKE Proxy along with the Burp Suite for web application security analysis.
You can download SPIKE here:
- Download for Linux
- Download for Windows
Limited information can be found here:
Immunity Free Software