Introduction

Beagle is a black box web application security scanner.

Currently identified issues:

  • SQL Injection (error based, time delays, boolean)
  • Cross-site Scripting (XSS)
  • File Inclusion
  • URL Redirection to Untrusted Site (aka open redirect)
  • Command Injection (normal, blind)
  • Code Evaluation (PHP, ASP, Perl, Node.js, Apache Struts)
  • File Upload
  • XML External Entity (XXE)
  • HTML Injection (e.g, frame injection, external script injection, base tag hijacking, form hijacking)
  • Header Injection
  • Backup Files
  • Source Code Disclosure
  • Directory Listing
  • Error Messages
  • Predictable Resource Locations
  • Unexpected Redirect Response
  • Version Disclosure
  • Email Disclosure
  • Internal IP Address
  • Internal Path

Key Features

  • Plugin based
    • Pluggable modules allow application to extend its behaviour
  • Multi scan session
    • More than one scan session can be handled in one instance of the application. It does not need separate instances to manage them.
  • Scripting support
    • Attack payloads can be generated while assessing manual tests.
  • Easier URL Rewrite detection ( no threshold, no configuration )
  • Manual browsing feature.
    • If you want to scan a website while you are browsing, you will most probably like this feature. Because you don’t need a browser installed in local machine or proxy configuration, Beagle includes an embedded browser to perform such scans. For example; you can use this feature to test only a page without crawling the whole website.