BlackSheep is a security tool for security analysis and penetration testing. It is a framework that focuses on augmenting manual pen-testing by providing information to the tester. BlackSheep also keeps track of every testing step employed by the pen-tester and facilitates the storage of results and test cases.
- Application flow graph
- Precise client-side actions recording
- You can view stuff!
- Adding findings with a click
- Full blown web browser (built on top of WebKit)
- HTTP request tampering (GET, POST, Cookie and Headers) by interception or request replay
- Findings collection based on a custom data structure; easy creation of findings based on HTTP history
- History of HTTP requests and responses
- Web application information for pen-testers: site structure (simple tree sitemap), Application Flow Map with heuristics and a view of all information for each node, source code/DOM view with search, WebKit Inspector available for all pages, record of user interactions (clicks, keyboard, etc.) on each web page (Test case tab)
- Partial support of URL rewriting rules
- Different transcoders available for charsets, encodings (URL encoding, Base64, etc.)
- Python 2.6 or 2.7
- PyQt4 (version 4.7.0 or higher)
- python-graph (version 1.7 or higher)
On OS X, you can get PyQt4 using MacPorts:
sudo port install py27-pyqt4
python-graph can be fetched using easy_install:
The Windows version of PyQt4 can be downloaded at riverbankcomputing, and for Ubuntu's using
To launch the GUI, you simply need to run
That should be it.