
SessionProbe: Open-source multi-threaded pentesting tool
2023-12-05 06:00

SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications.

It takes a user's session token and checks whether each URL in a list is accessible, highlighting potential authorization issues.

SessionProbe features:

Tests for authorization issues.

Sorts the URLs by response status code and extension, and provides the length.

"SessionProbe is directly usable with Burp Suite's 'Copy URLs in this host' output.

"One idea I'm excited about is checking for outliers. This would be useful for massive apps with massive URLs, where manual review would be complex. Here, I wonder if a tool could already give you candidates for broken access control to review. I also want to implement a functionality to pass in a Swagger file and automatically check all URLs from there. This makes testing super easy and even allows people who don't use Burp to use the tool," Walter concluded.


News URL

https://www.helpnetsecurity.com/2023/12/05/sessionprobe-open-source-multi-threaded-pentesting-tool/