The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, Figuring out how to call “tool X” then parsing results of “tool X” manually to feed “tool Y” and so on is time consuming.
By reducing this burden we hope pen testers will have more time to:
- See the big picture and think out of the box,
- Find, verify and combine vulnerabilities efficiently,
- Have time to Investigate complex vulnerabilities like business logic, architectural flaws, virtual hosting sessions, etc.
- Perform more tactical/targeted fuzzing on seemingly risky areas
- Demonstrate true impact despite the short time-frames we are typically given to test.
This tool is however not a silver bullet and will only be as good as the person using it. Understanding and experience will be required to correctly interpret the tool output and decide what to investigate further in order to demonstrate the impact.