CSRFSCanner is a tool designed to identify the forms potentially vulnerable to CSRF/XSRF on a website.

　　This detection is made on forms that are only accessible by logged-in users (cookies are needed to find these forms).

　　The methodology used to identify these forms is the 4-pass reverse diff analysis.

　　Then， in order to determine if a form may be vulnerable， the tool analyzes hidden and password fields to find an anti-CSRF token.

　　http：//www.vulnit.com/en/doc/CSRFScanner.tar.gz

　　http：//www.vulnit.com/en/doc/4-pass-reverse-diff-analysis.pdf

　　http：//packetstormsecurity.sebug.net/files/download/107442/CSRFScanner.tar.gz