SPI recently released a comprehensive web app pen testing toolkit. It
includes the following:
• Cookie Cruncher - Analyzes strength of cookies to avoid session
hijacking
• Encoders/Decoders - Translate different encryption standards
• HTTP Editor - Create and edit HTTP requests
• Regex Tester - Test regular expressions
• SOAP Editor - Automatically generate Web services SOAP requests
as well as manually edit
• SPI Fuzzer - HTTP fuzzing or modification of input variables to
identify buffer overflows
• SPI Proxy - Stand-alone, self-contained proxy server that you can
configure and run on your desktop to monitor traffic for debugging and
penetration assessments; view every request and server response while
browsing a site
• SQL Injector - Automated SQL injection attacks against Web site
to test susceptibility to exploits
• WebBrute - Brute force tool to test strength of usernames and
passwords used in login forms or authentication pages
• WebDiscovery - Discovery tool to identify which Web servers and
Web applications are behind which ports
Darren Bounds, CISSP
443D 628D 0AC7 CACF 6085
C0E0 B2FC 534B 3D9E 69AF
--
Intrusense - Securing Business As Usual
On Sep 14, 2004, at 6:49 PM, Andrew Bagrin wrote:
Does anyone know of an application tester similar to AppDetective
thats not as hard on the pocket book?
I need to pentest a web app and am looking for some tools
Thanks,
--
Andrew Bagrin
andrew@bagrin.com
-----------------------------------------------------------------------
-------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one
interaction
with one of our expert instructors. Check out our Advanced Hacking
course,
learn to write exploits and attack security infrastructure. Attend a
course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-----------------------------------------------------------------------
--------
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
