Injection controller

By default, engines will attack all injection points (QueryString, Post, Header [User-Agent, Referer], Cookie, Url and UrlRewrite).

Injection Controller comes with a rich set of configuration options so that you can add even much more complex rules easily. Such as;

  • Attack only QueryString parameters for SQL Injection checks.
  • Attack only QueryString and Post parameters for HTML Injection checks.
  • Attack only QueryString parameter named "path" for Local File Inclusion checks.
  • Attack only QueryString parameter named "url" for Open Redirection checks.
  • Attack only Post parameter named "cmd" for Command Injection checks.

Injection controller

Attack can be restricted to a certain set of injection points freely.

Multi scan session

Unlike the other web application security scanners, Beagle can manage more than one scan session at the same time in one instance of the application.

You can switch between sessions with one click.

Multi scan session

No need to open multiple instances of the application.

Dashboard

Dashboard is very light but the intuitive interface gives you the information about scan session as much as possible. You can see

  • When it is created.
  • When it is started after creation.
  • If it is idle at that time and how long.
  • How many issues found.
  • How many pages crawled.
  • HTTP request rate per second.
  • Vulnerabilities by severity.

Dashboard

Intuitive interface gives you much information about the scan session.

Exploitation

Currently supports exploitation of the following vulnerabilities:

  • SQL Injection
  • Code Evaluation
  • Command Injection
  • Local File Inclusion

Exploitation

When it is marked as confirmed and applicable you can exploit the vulnerability.