From aldeid
Jump to navigation Jump to search


Global view

By clicking on the plugin icon from the icons bar, you access the plugin dashboard:


At the time of this writing, two plugins are available:

  • Catalog-Scanner: Brute-forces directories/files discovery
  • SSL-Checker: Checks if certificate supports strong ciphers (>=128bits)


The Catalog-Scanner is a brute-forcer like Page in French Nikto, that automatizes the discovery of *hidden* files/directories.

It is based on two files:

  • db_tests: contains payloads for the discovery of files/directories. It's syntax is similar to Page in French Nikto db_tests file. See lesson 7 for more information on how to use it.
  • db_variables: contains eventual variables used in db_tests file (e.g. @php_extension php php4 php5).


During the SSL Handshake on a new TCP connection between a client and a server, the best supported ciphers is chosen among the list of elligible ciphers. For more information on that process, please refer to this document.

Watobo SSL-Checker plugin shows a list of elligible ciphers for a given SSL connection and checks them. Elligible ciphers appear with the flag true and a background color:

  • green for strong ciphers (>=128bits)
  • red for weak ciphers (<128bits)

See how to use in lesson 7.