WEB2.0 Detective is a small package of scripts for web application analysis.

It includes:

the module for finding the parameters, that the application handles.

the module for detection web-server software, testing for several configuration, dead code and information disclosure vulnerabilities

the script for grabbing the dictionary for Arguments Finder module

the sample dictionary, made by args_grabber.php

the module for searching (temporary) file copies, left, for example, by various text editors

Currently, there're tests for typical Apache, NginX, Microsoft-IIS, PHP, ASP.NET, Ruby on Rails issues or vulnerabilities.

One of the main advantages of this tool is a small number of requests sent to the server.
BTW, system requirements: Python 3.
You can find more information in docs.html in the release.

DOWNLOAD: .rar | .zip

Last update: 17.12.2012

Example. Suppose you have a php-script:

<?
if( rand( 0, 1 ) == 0 ) echo 'ads';
if( $_SERVER[ 'HTTP_X_REQUESTED_WITH' ] == 'XMLHttpRequest' ) echo $_GET[ 'page' ];
echo htmlspecialchars( $_GET[ 'a' ] ); 1

And this is how the WEB2.0 Detective observes such a script:
beched@linuxoid:/var/www/CODING/web20/src$ python3.2 argsfind.py --url http://localhost/tester.php --cut ads --ajax 1 ========== Starting module Arguments Finder... ========== AJAX mode on... 825 items loaded from the base Detecting the default page length and HTTP-code... Starting dichotomy... ========== .Got 414 error... Too big base, splitting... .*SMTH*.*SMTH*.*SMTH*..*SMTH*..*SMTH*.*SMTH*..*SMTH*.*SMTH*..*SMTH*.*SMTH*.....*SMTH*.*SMTH*.*SMTH*..*SMTH*.*SMTH*..*SMTH*.*SMTH*.*SMTH*...... ========== Number of requests made: 36. Found parameters: page,a

Now launching Software Detector with the revealed args:

beched@linuxoid:/var/www/CODING/web20/src$ python3.2 softdetect.py --url http://localhost/tester.php --cut ads --ajax 1 --args page,a ========== Starting module Software Detector... ========== AJAX mode on... Response code: 200 Detected server: Apache/2.2.14 (Ubuntu) Powered by: PHP/5.3.2-1ubuntu4.14 Headers influencing Caching: Accept-Encoding ========== Checking for sitemap.xml... Got 404 error... Checking for robots.txt... Got 404 error... ========== Testing for specific Apache issues Trying to get real application name via invalid request... Got 413 error... Found real path: /tester.php Checking for server status application... Got 404 error... Testing for common PHP-(Fast)CGI+NginX|IIS|Apache|LightHTTPD|(.*?) configuration vulnerability... Got 404 error... Got 400 error... Not vulnerable ========== Testing for specific PHP issues... Testing for CVE-2012-1823... Not vulnerable Trying to get a max_execution_time error by sending a file with long name... It can take time, wait... Found server application path: /var/www/tester.php ========== 11 requests made

As you can see, a lot of interesting information has been found.
Now let's search sources of some script.

python fuzzbackup.py --url http://localhost/test.php ========== Starting module Backup Fuzzer... ========== Checking for generic backups... Got 404 error... Got 404 error... Got 404 error... Checking for Vim swap files... Got 404 error... Got 404 error... Got 404 error... Checking for Vim, Gedit temporary file... Got 404 error... Checking for Windows or MacOS copies of the file... Got 404 error... Got 404 error... Checking for Emacs temporary file... Possibly found at http://localhost/%23test.php%23 Checking for GNU Nano temporary files... Got 404 error... Got 404 error... ========== 12 requests made