Re: spider web scanner



Skipfish has been my preferred web vulnerability scanner as of late.
It's free, does the spidering for you, and will do some brute forcing to
find hidden directories with easily guessed names.

Just make sure you either run it against a test server or throttle it.
Most people find that skipfish with default settings also works nicely
as a DDoS tool against most web servers which aren't high-performance or
sitting behind load balancers. ;)

On 12/17/2010 2:13 AM, modversion wrote:
hi list:
Anybody could suggest a web scanner with the following functions:
1.It could import many domain and subdomain for scan.
2.Acting as a spider could find subdomain and directory.
3.support customs url check which can work with spidered result

thanks in advanced!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: Automatic web application security profiling
    ... paros or burp would be your best guess for spidering the site looking ... proxy through something running rat proxy to pick up any vulns ... Information Assurance Certification Review Board ...
    (Pen-Test)
  • Re: Export results of spidering from WebScarab or Paros
    ... I would suggest a go for the Burp instead (Burp Proxy) ... How can I export the results of spidering from WebScarab or Paros? ... Information Assurance Certification Review Board ... IACRB CPT and CEPT certs require a full practical examination in order to become certified. ...
    (Pen-Test)