
Zero-configuration, automated, random testing tools for web-apps?

In short, I'm looking for a tool to perform an automated, zero-configuration, full-frontal assault on a web application.

I'm thinking this would logically be a browser-extension that both crawls links on a given domain/path, AND randomly inputs data into forms and submits them. Specifically, form input would randomly include various data types, special characters, excessive data, various character encodings, and null values. Multithreading is a necessity (perhaps one plugin simply utilizing multiple Firefox tabs).

The tool does NOT (and should not) need to make any assertions about the results, or verify any application behavior. Instead, the persistence layer (DB records, etc.) and application logs would be used to evaluate the results of this "testing effort."

This would be a tool to complement existing testing tools (Selenium, QuickTestPro) and methodologies that may not have 100% coverage.

Any suggestions for existing or in-development tools? If not, I am eager to start an open-source project.

CLARIFICATION: I am specifically not looking for a penetration testing tool.

UPDATE: I have founded an open source project to satisfy this question. See comments below.

Dolph asked Jan 22 '10 18:01
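
An added sketch of the input side of the tool the question describes (not code from the post or from any tool named on this page): it finds forms in a page and plans random values from the categories the question lists, sending nothing. `FormCollector`, `GENERATORS`, `plan_submissions` and the sample HTML are hypothetical names and constructed data; the seed-based case id is an assumption that lets each input be matched to DB records and log lines afterwards.

```python
import random
from html.parser import HTMLParser
# Constructed sample page; a real run would feed in each crawled page instead.
SAMPLE_HTML = """
<form action="/signup" method="post">
  <input type="text" name="username">
  <input type="hidden" name="csrf" value="abc123">
</form>
<form action="/search"><input name="q"></form>
"""

class FormCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms = []  # one dict per <form>: action, method, fields
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": {},
                               "method": (a.get("method") or "get").lower()})
        elif tag in ("input", "textarea", "select") and self.forms and a.get("name"):
            self.forms[-1]["fields"][a["name"]] = (a.get("type"), a.get("value") or "")

# One generator per input category listed in the question.
GENERATORS = {
    "data_type": lambda r: r.choice(["-1", "0", "3.14e308", "true", "2010-02-30"]),
    "special_chars": lambda r: "".join(r.choice("'\"<>&;%\\/\t\n") for _ in range(r.randint(1, 16))),
    "excessive": lambda r: "A" * r.choice([256, 4096, 65536]),
    "encoding": lambda r: r.choice(["\u00e9\u00fc\u00f1", "\u65e5\u672c\u8a9e", "\U0001f600"]),
    "null": lambda r: r.choice(["", None]),  # None means: leave the field out
}

def plan_submissions(html, seed, per_form=5):
    """Build random submissions; the same seed always yields the same plan."""
    rng = random.Random(seed)
    collector = FormCollector()
    collector.feed(html)
    plan = []
    for form in collector.forms:
        for _ in range(per_form):
            data = {}
            for name, (ftype, default) in form["fields"].items():
                # Assumption: hidden fields (e.g. CSRF tokens) are sent unchanged.
                value = default if ftype == "hidden" else rng.choice(list(GENERATORS.values()))(rng)
                if value is not None:
                    data[name] = value
            plan.append({"case": f"{seed}-{len(plan)}", "action": form["action"],
                         "method": form["method"], "data": data})
    return plan
```

Logging the seed and case id with each request makes a failing input replayable: rerunning with the same seed regenerates the exact value that produced a given DB record or log entry.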


1 Answer

I used the trial of Acunetix for a while. It seemed reasonably effective, although it took longer than I thought it ought to and it's certainly not open source.

I forgot what the thing was called, and this list at SoftwareQATest is where I found it again. That list may be useful to you. The list of testing tools at OWASP looks similarly handy.

keturn answered Jan 01 '23 20:01