Security Articles

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

released on 2024-10-01 @ 07:35:03 PM
Researchers discovered an automated scanning tool called Swiss Army Suite (S.A.S) used for vulnerability scans on web services and websites. The tool generates unusual SQL injection patterns that could potentially bypass web application firewalls. Analysis revealed that the tool is shared in underground forums and offers features such as a Dork-based checker, a generator, and a SQL vulnerability scanner. The researchers replicated the tool's behavior in a controlled environment and analyzed its traffic patterns. Telemetry data showed that use of this tool came primarily from the U.S., Romania, U.K., and U.A.E. The study emphasizes the importance of differentiating between automated scans and actual attacks, as well as identifying the capabilities of both commercial and underground tools.