From Sandcat Browser

AddOns: Extensions


QuickInject Toolkit

Author: Syhunt

QuickInject is an extensive toolkit for manual web application security assessment. QuickInject allows to tailor injection requests that you can send or load using Sandcat, and can be used for performing a number of different operations, such as URL and POST Data Manipulation, Filter Evasion, as well as Referer and User-Agent Spoofing, and HTTP Header Manipulation. In addition to the capability to build requests, QuickInject can also be used to execute JavaScript in a loaded page. The first release of QuickInject is focused on File Inclusion, XSS and SQL Injection and comes with the following options:

Version: 1.0 (Included with Sandcat) / License: Freeware

Pen-Tester Tools

Author: Syhunt
This extension pack includes:


Source Editor

JavaScript Runner

Lua Runner

Ruby Console

Task in Progress


Fuzzer Launcher

Fuzzer in Progress

Fuzzer Results

Version: 2.0 (Included with Sandcat) / License: Freeware

Syhunt Code Extension Pack

Author: Syhunt

Syhunt Code is a static code analysis tool that scans web applications for several kinds of vulnerabilities, including Cross-Site Scripting (XSS) and SQL Injection. It also identifies key areas of the code, such as key HTML tags, AJAX / JavaScript, entry points and interesting keywords, which can help accelerate a code review.

More details about it can be found here. This is a tool that can be used to harden government and education websites and open source web applications against web application security attacks.


SQL Injection Detection

XSS Detection

Secure Code

Preferences Screen

Version: 5.0 / License: Enterprise (must be ordered at Syhunt)

Under Development

Syhunt Dynamic Extension Pack

Author: Syhunt
Coming soon.

Tor Extension for Sandcat

Author: Syhunt
Coming soon.

Retrieved from
Page last modified on May 20, 2014, at 05:53 PM