Detect Critical Vulnerabilities

Ammonite detects critical vulnerabilities. These include padding oracle vulnerabilities, verbose and blind SQL injection, boolean SQL injection, reflected and persistent cross-site scripting, ID enumeration, verbose and blind OS command injection, local file inclusion, buffer overflows, and format string vulnerabilities. Ammonite can also discover unpublished content.

Ultimate Control

Choose between manual and automatic modes of testing. Specify URL patterns that should be tested in automatic mode. Specify limits on request timeouts, maximum requests per second, number of testing threads and number of retries. Log every request and response generated by Ammonite. Skip testing of identical requests and sessions with media responses in automatic mode. Opt for breadth first vulnerability search for quick penetration of web applications.

Pause, resume and cancel individual test cases. Pause and resume all test cases.

Fuzz Multiple Request Formats

Ammonite understands how to stuff faults into XML, JSON, URL Encoded, and Multi-Part POST bodies.

Test All Request Sections

Ammonite can test all the sections of an HTTP request, including: cookies, headers, URL path elements (RESTful apps), query string, and request body.

Passive Checks

Ammonite includes passive checks that scan responses for credit card numbers, hidden form fields, HTTP/500 errors and verbose error messages.

Export Requests as Python

Export requests from the session list to urllib2 python code for easy exploit / PoC creation and all your scripting needs.

Filter Vulnerabilities

Search vulnerabilities along multiple dimensions with SQL, including: URL, title, parameter and risk rating.

Generate HTML Report

Combine SQL filters with individual selections to report on only those vulnerbailities you are interested in.

Generate a professional HTML report that includes a detailed issue description, risk rating, reproduction steps, remediation instructions, sample requests and responses.

Easy Licensing

Any number of licenses can be purchased. Licenses are valid for 365 days from the time of order processing. After installation, the product is activated with a license file. A single license can be activated on up to three machines. Free upgrades are provided throughout the license period.


Thirty day free trial, no purchase required.