Oedipus is an open source web application security analysis and testing suite developed by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying several security vulnerabilities. Using the analyzed information, Oedipus can then dynamically test web sites for application and web server vulnerabilities.
Oedipus can be broken down into 4 main components:
Analyzer – Capable of parsing several different types of log files, such as Burp, Paros, etc, identifying potential security vulnerabilities using pattern matching – An Oedipus input file is also produced.
Scanner – Parsers the Oedipus or IEnterceptor file, feeding each request to a dynamically loaded predefined security plug-in on the fly.
Reporter – Using the results from the Analyzer and the Scanner, Oedipus produces several well formatted reports designed for the Penetration Tester. The Scanner report can be interactively used to verify the results of the potential vulnerabilities discovered.
Tools – Using the above identified security vulnerabilities, a number of tools will be provided to analyze and potentially exploit the vulnerability.