mailing list archives
Re: Web Application Tester
From: brennan stewart <brennan () ideahamster org>
Date: Thu, 16 Sep 2004 02:20:06 -0400
His list looks similar to mine.
firefox + switchproxy, livehttpheaders, googlebar, others = ^^
dave aitel's spike proxy, OWASP webscarab, Paros
nikto (btw, you could easily get the URLs from different web scanners
and put them directly into the file nikto uses, not sure if ppl have
done that before or not)
nmap (Mr smart admin, why do you have telnet open on your web
application server?, no i am not kidding ^^ )
dinis cruz's tools for a .net environment, i don't know of automated
tools for the others, might have to use checklists.
OSVDB for vulns
Depending on the app design itself, a good amount of CSS/SQL injection.
I like to submit lots of different variants simultaneously, far beyond
the du jour <script>...
I'm also partial to the OWASP guide.
Do you have a defined scope yet?
I ask because webapps normally consist of:
http server, application server, application itself, rdbms, host os for
each, plus all the serving network infrastructure
So that would require a code audit, configuration checks of everything,
and an architecture review since some CCIEs think a spf firewall
protects the web server ^^
On Wed, 2004-09-15 at 03:09, Anders Thulin wrote:
Andrew Bagrin wrote:
Does anyone know of an application tester similar to AppDetective
thats not as hard on the pocket book?
I need to pentest a web app and am looking for some tools
Haven't tried AppDetective for Web Applications myself, so I'm
not sure of just what capabilities you're looking for. Nothing
magic I hope. Take a look at:
* Nikto (http://www.cirt.net/code/nikto.shtml)
Useful for single-shot exercies, less useful for mass deployment.
Looks mainly at the server and the server set-up, not the web-site
* Xenu's Link Sleuth (http://home.snafu.de/tilman/xenulink.html)
Intended for finding broken links, but also helps enumerate all
reachable pages on a site, given a starting point (and in some
cases an account/password).
* wget (http://www.gnu.org/software/wget/wget.html)
Freeware -- typically part of free Unixes, including Cygwin
Useful for getting a 'copy' of the web site: search for keywords,
A SSL-proxy is sometimes useful, as is some kind of brute-force
login tool (THC-Hydra is well known - http://thc.org/)
And, in general, the book Scambray & Shema: 'Hacking Exposed:
Web Applications' is one of the best places to start preparing for
this kind of exercise.
Description: This is a digitally signed message part