RE: Vuln scan tool for web

From: David Nester (david_at_icrew.org)
Date: 07/17/03

    To: <pen-test@securityfocus.com>
    Date: Thu, 17 Jul 2003 11:39:06 -0500
    
    

    Good morning!

    Here are some additional tools that might be focused towards web
    environments.

    nmap
    http://www.insecure.org/

    Scanline
    http://www.foundstone.com/

    Spike
    http://www.atstake.com/

    Stunnel
    http://www.stunnel.org/

    Netcat
    http://www.atstake.com

    SQLAT
    http://www.cqure.net/

    openssl
    http://www.openssl.org/

    nikto.pl
    http://www.mirrors.wiretapped.net/security/vulnerability-assessment/nikto/

    URLScan
    http://www.microsoft.com/

    WebInspect
    http://www.spidynamics.com/

    MD5
    http://www.fourmilab.ch/md5/

    KerbCrack
    http://www.ntsecurity.nu

    anwrap.pl
    http://modelm.org/anwrap/

    Whisker and libWhisker
    http://sourceforge.net/projects/whisker/

    Hydra
    http://www.thc.org/

    Nessus and Webmirror.nasl
    http://www.nessus.org/

    Ethereal
    http://www.ethereal.com/

    Wget
    http://www.gnu.org/software/wget/wget.html

    DSniff
    http://www.monkey.org/~dsong/dsniff

    Curl
    http://curl.haxx.se

    Brutus
    http://www.hoobie.net/brutus/

    Achilles
    http://www.digizen-security.com/downloads.html

    Webproxy
    http://www.atstake.com/webproxy/

    Spike
    http://www.immunitysec.com/

    Hope these links are of use!

    David

    -----Original Message-----
    From: MARTIN M. Bénoni [mailto:benoni_martin@hotmail.com]
    Sent: Thursday, July 17, 2003 6:28 AM
    To: steve@incunabula.be
    Cc: pen-test@securityfocus.com; domingos@microlink.com.br
    Subject: RE: Vuln scan tool for web

    Hi!

    You have two other tools that can scan for web vulnerabilities:
    - babelweb http://www.hsc.fr/ressources/outils/babelweb/
    - whisker http://sourceforge.net/projects/whisker/

    For some accurate vuln. scans, you can try cgiscan.s, phfscan.c, ..., so
    some more specific tools.

    >From: "De Doncker, Steve" <steve@incunabula.be>
    >To: "Domingos Costa"
    ><domingos@microlink.com.br>,<pen-test@securityfocus.com>
    >Subject: RE: Vuln scan tool for web
    >Date: Tue, 15 Jul 2003 19:40:39 +0200
    >
    >Domingos Costa <mailto:domingos@microlink.com.br> scribbled on Tuesday, July 15, 2003 19:00 PM:
    >
    > > I'm looking for a web tool that allows a user connected to my LAN to scan
    > > his own computer for vulnerabilities. It's something similar to
    > > ShieldsUP! at grc.com, but I wanna put it inside my LAN, at a web
    > > server and the user can just click on to start probing his ports. Do
    > > you know some tool?? I'm working with Linux Slackware.
    >
    >http://sourceforge.net/projects/phpsecurity/
    >http://www.inprotect.com/
    >
    >These are basically web frontends for tools like nmap and firewalk, or if
    >you know something about sockets in PHP you could write your own "port
    >scanner" application very much like this one
    >(http://www.hackerzhell.co.uk/portscan.php).
    >
    >
    >Regards,
    >
    >Steve
    >http://incunabula.be/~steve
    >
    >
    >
    >---------------------------------------------------------------------------
    >Your network Firewall and IDS products do not prevent Web application
    >exploits - the most common form of online attack - resulting in Web
    >defacement, data theft, sabotage and fraud.
    >
    >KaVaDo is the first and only company that provides a complete and an
    >integrated suite of Web application security products, allowing you to
    >assess your entire environment, automatically set positive security
    >policies and maintain it without compromising business performance.
    >
    >For more information on KaVaDo and to download a FREE white paper on Web
    >applications - security policy automation, please visit:
    >http://www.kavado.com/ad.htm
    >----------------------------------------------------------------------------
    >


