RE: Web Vulnerability Scanner

-----Original Message-----
From: Debasis Mohanty [mailto:mail@hackingspirits.com] 
Sent: Monday, October 16, 2006 12:05 AM
To: 'pen-test@securityfocus.com'
Subject: RE: Web Vulnerability Scanner


Tareq, 

AFAIK unlike commercial products there exist no *single* free or open source
web scanner which look for all possible web app weakness. You may have to
collate various free/OSS tools to ensure you cover all attack vectors.
However, here is a quick list which will cover most part of the audit -- 

1. Input Validations/Sessions Replay/Request Constructers/Request Tampering
        - any mitm proxy (like paros, fiddler, webscarab, burp etc .. )

2. SQL Injections 
        - SQL Power Injector, BobCat, Absinth (if u want to get a shell via
sql injection) etc..

3. XSS 
        - Paros can find both XSS and sql injection aswell

4. Authentication Testing / brute forcing
        - I have my own customize script. Not aware of any free/oss one

5. Crawler / Spider
        - Paros has a spider and can do spidering for ssl enabled sites
aswell 
        - Intellitamper
        - Black Widow
        - HTTP Track

6. Fuzzer 
        - I use my own but there are really some good ones available free 
        - Spike (the best among all)
        - You can customize fiddler scripts to do fuzzing

7. Sniffer
        - Ethereal
        - Ettercap

8. Other tools includes -- 
        - Sessions / Tokens testers (WebScarab has a nice session tester)
        - Cookie editors (search in google)
        - Password crackers (search in google)
        - Default files and directory checks (Nstealth, nikito etc)
        - Encoder / Decoder Tools (Base64, URL Enc/dec etc - search in
google)
        - SSL Strength audit - there is tool by Foundstone
        

... like this there are more. Most of the commercial tools available today
are collections of all these above list of tools and some more tweaked ones
but you can always get an alternative free/OSS for it. -- This is my
personal opinion


Note: the list in not in order, I've noted as they came into mind ;) 

Hope that helps... 
-d

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Tareq AlKhatib
Sent: Wednesday, October 11, 2006 10:07 PM
To: pen-test@securityfocus.com
Subject: Web Vulnerability Scanner

Hey all,

I have been asked to look for a good web vulnerability scanner. I
already have Nikto and Nessus (free version) in my toolkit. Can anyone
recommend a good web scanner?

Yours truly,
 
Tareq M. AlKhatib

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------