Home page logo


Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. For downloads and more information, visit the ratproxy homepage.

Popularity #96, new!
Rating ★★★★★ (1)
Latest release 1.58 beta
May 1, 2009
(6 years, 4 months ago)


★★★★★ Ariel Naves

My team used this for quite some time and compared to generic infrastructure VA tools like Nessus, and Foundstone we found the value in using a specialized Web VA tool. It found more and specific issues with precise recommendations to fix those. I recommend it based on my experience. I havent explored the IBM and HP counterparts yet...I understand that they are relatively costlier.

no rating Muhammad Osama

How can I integrate RATPROXY with SQUID or any other proxy server ?

Your comment

Along with your rating, you can use the comment form to post a review, tutorial, tips and tricks, or anything else others will find useful. If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).

  (will not be shown, will not be spammed)
  (web site, Twitter, Facebook, etc.)
(At least 50 characters. No markup is allowed. URLs will be made into links.)
 What is the standard TCP port number for the SSH service? (antispam)

Feed for updates.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]