Web application pentesting is a crucial component of offensive cybersecurity, whose aim is to safeguard web applications and web services, since the majority of web applications are deployed in publicly accessible web environments. This method requires cybersecurity experts to think and act like real attackers in order to identify the errors and vulnerabilities in web applications, with the objective of preventing and reducing damage. Because this process can be quite complex and the amount of information pentesters must handle can be large, automating it helps them discover existing vulnerabilities more easily. This project is the direct continuation of the previous initiative, PThelper: An open source tool to support the Penetration Testing process. This continuation focuses on extending PThelper with the functionality to detect and subsequently report web vulnerabilities, in order to address emerging threats and strengthen the ability of organizations to protect their web applications against potential cyber-attacks.