
| Subject: | Re: Web Application Tester |
|---|---|
| Date: | Thu, 16 Sep 2004 02:20:06 -0400 |
His list looks similar to mine.

firefox + switchproxy, livehttpheaders, googlebar, others = ^^
dave aitel's spike proxy, OWASP webscarab, Paros
nikto (btw, you could easily get the URLs from different web scanners and put them directly into the file nikto uses, not sure if ppl have done that before or not)
nmap (Mr smart admin, why do you have telnet open on your web application server?, no i am not kidding ^^ )
Brutus, thc-hydra
recursive wget.
dinis cruz's tools for a .net environment, i don't know of automated tools for the others, might have to use checklists.
OSVDB for vulns

Depending on the app design itself, a good amount of CSS/SQL injection. I like to submit lots of different variants simultaneously, far beyond the du jour <script>...

I'm also partial to the OWASP guide.

Do you have a defined scope yet? I ask because webapps normally consist of: http server, application server, application itself, rdbms, host os for each, plus all the serving network infrastructure (routers/switches/firewalls/etc)

So that would require a code audit, configuration checks of everything, and an architecture review since some CCIEs think a spf firewall protects the web server ^^

-b

On Wed, 2004-09-15 at 03:09, Anders Thulin wrote:
> Andrew Bagrin wrote:
>
> > Does anyone know of an application tester similar to AppDetective that's not as hard on the pocket book? I need to pentest a web app and am looking for some tools
>
> Haven't tried AppDetective for Web Applications myself, so I'm not sure of just what capabilities you're looking for. Nothing magic I hope.
>
> Take a look at:
>
> * Nikto (http://www.cirt.net/code/nikto.shtml) Freeware
>   Useful for single-shot exercises, less useful for mass deployment. Looks mainly at the server and the server set-up, not the web-site itself.
>
> * Xenu's Link Sleuth (http://home.snafu.de/tilman/xenulink.html) Freeware
>   Intended for finding broken links, but also helps enumerate all reachable pages on a site, given a starting point (and in some cases an account/password).
>
> * wget (http://www.gnu.org/software/wget/wget.html) Freeware -- typically part of free Unixes, including Cygwin
>   Useful for getting a 'copy' of the web site: search for keywords, comments, etc.
>
> An SSL-proxy is sometimes useful, as is some kind of brute-force login tool (THC-Hydra is well known - http://thc.org/)
>
> And, in general, the book Scambray & Shema: 'Hacking Exposed: Web Applications' is one of the best places to start preparing for this kind of exercise.