Hardanger is an Open Source web application penetration testing tool led by security researchers from SecurityWire.
The project aims to bridge the gap between the open source web
application testing tools commonly used in a Linux environment and
native Windows-based platforms, bringing the same level of tooling to
Windows. Hardanger aims to deliver a user-friendly experience for
semi-automated web application penetration testing by building tools on
top of the excellent Fiddler2 web debugger.
The project deliverable is a Fiddler2 (http://www.fiddler2.com)
add-on DLL written in C# that is easily installed using a .msi
installer; a standalone application is also available for users
that do not want the integrated Fiddler2 experience. Hardanger has been
architected so it can be easily expanded with other functionality. The
first version only includes a simple HTTP(S) GET and POST parameter
fuzzer, but it has built a foundation where it is trivial to plug in
additional fuzzers and detection engines as well as other features. Once
server fuzzing is perfected and state of the art, this project will
continue to add new features such as a web browser fuzzer, brute force
tool, manual tampering, crawler, passive vulnerability detection, recon
tools, etc.
Current Features
- Native Windows feel via Windows Presentation Foundation
- Can run as a Fiddler2 add-on or standalone
- ClickOnce installer with automatic updates (standalone version)
- Context tab allowing inspection of full HTTP requests
- Server fuzzer tab to configure and launch the server fuzzer
- Basic random fuzzer generates random strings of UTF-8 characters of random lengths
- Non-HTTP-200 detection engine (flags any response whose status code is not 200)
- Results window keeping track of successful detections
- Ability to review requests/responses in the results details window
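As an added illustration of the two features listed above, the random UTF-8 parameter fuzzer and the non-HTTP-200 detection engine, here is a small Python sketch (not Hardanger's own code, which is a C# Fiddler2 add-on). It runs the fuzzed GET parameters against a constructed in-process handler standing in for the application under test, so nothing touches the network; `sample_handler` and its failure conditions are invented for the example.

```python
import random
from urllib.parse import urlencode

# Constructed stand-in for the web application under test (hypothetical).
# In Hardanger the mutated request would instead travel through Fiddler2.
def sample_handler(params):
    q = params.get("q", "")
    if "\u0000" in q:                     # invented bug: NUL byte not handled
        return 400
    if len(q.encode("utf-8")) > 64:       # invented bug: oversized input
        return 500
    return 200

def random_utf8_string(rng, min_len=1, max_len=32):
    """Random string of valid Unicode scalar values, of random length.

    Surrogate code points are skipped because they cannot be encoded as UTF-8.
    """
    n = rng.randint(min_len, max_len)
    chars = []
    while len(chars) < n:
        cp = rng.randint(0, 0x10FFFF)
        if 0xD800 <= cp <= 0xDFFF:
            continue
        chars.append(chr(cp))
    return "".join(chars)

def fuzz_parameters(base_params, handler, rng, rounds=50):
    """Each round replaces one parameter with a random string and records the status."""
    names = list(base_params)
    results = []
    for _ in range(rounds):
        name = rng.choice(names)
        mutated = dict(base_params, **{name: random_utf8_string(rng)})
        status = handler(mutated)
        results.append({"param": name, "query": urlencode(mutated), "status": status})
    return results

def non_200_detections(results):
    """The simplest detection engine: anything that is not HTTP 200 is a hit."""
    return [r for r in results if r["status"] != 200]

if __name__ == "__main__":
    hits = non_200_detections(
        fuzz_parameters({"q": "hello", "page": "1"}, sample_handler, random.Random(7), 100))
    for hit in hits:
        print(hit["status"], hit["param"], hit["query"][:60])
```

A status-only engine misses applications that answer 200 with an error page in the body, which is exactly the kind of gap the pluggable detection engines mentioned above are meant to fill.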