We are very excited to announce the preview release of Scout. SecApps Scout gives you a 360° visibility of all your external system assets such as domains, IP addresses, ports, services, and web applications. With Scout, you can build up and continuously manage your systems asset catalog without the need to provision many specialist tools, configure support infrastructure, aggregate reports and keep everyone informed via the right communication channel.
SecApps Scout was specifically designed to help you stay ahead of cybercriminals by automatically identifying the weakest links in your public infrastructure with builtin support for automatic change detection and auxiliary tools for filtering, sorting, categorizing and testing the Scout results.
Your scouts will also keep you and your team up to-to-date with automatic summary emails and slack messages sent from your scouts upon completion. It has never been easier to get a personal 24/7 security monitoring infrastructure ready to operate at any scale under any conditions.
JSON Path Encoder
The Encoder tools from the Online Suite now supports JSONPath evaluations. This will help you extract values directly from the chain of transformations, saving time and additional effort. With JSONPath we can perform a wide-range of JSON manipulations which are particularly useful when dealing with JWT tokens, AWS pre-signed URL and forms and more.
Cohesion version 1.1.1 now comes with built-in hotkey support when running with TTY support. The hotkeys will allow you to introspect the scanner and all other tools while running. It is also possible to dump snapshot reports without interception of the current scanning process.
Most of the tools are now able to export results as a serialized BSON stream (the default serialization format). Unlike the CSV and JSON, this export forms is capable of efficiently describing all captured information in great details - including the untampered binary data for the requests and responses. Furthermore, the exported format can be read and processed via cohesion command line tools, which makes it great for scripting.
List of Security Checks
The cohesion command-line toolkit now comes with several built-in commands to help you understand the list of supported vulnerability checks, severity levels and attack methods.
Updated Fuzz Lists
We have updated all the fuzzer lists across all applications. This means that now you can use the latest lists from DirBuster, DNSPop, FuzzDB, SecLists and many more. Try the latest lists at https://fuzzer.secapps.com.
We aim to make the best of bread web application security testing toolkit on the market and the screenshot bellow is a proof that we are on the right track. As you can see HTTPView (https://httpview.secapps.com) will take huge amounts of data (over 100K requests) and provide you with the necessary tools to explore, sort and filter the transactions log without stutter.
Although HTTPView is well known and widely used today, it occurred to us that it was never announced on Product Hunt. So we decided to correct this. Click here to upvote.
All online tools now come with dedicated service workers to help with caching and when you need to work offline - yes now you can use the tool even when you are completely disconnected.