Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Web Application Tester
From: brennan stewart <brennan () ideahamster org>
Date: Thu, 16 Sep 2004 02:20:06 -0400

His list looks similar to mine.

firefox + switchproxy, livehttpheaders, googlebar, others = ^^

dave aitel's spike proxy, OWASP webscarab, Paros

nikto (btw, you could easily get the URLs from different web scanners
and put them directly into the file nikto uses, not sure if ppl have
done that before or not)

nmap (Mr smart admin, why do you have telnet open on your web
application server?, no i am not kidding ^^ )

Brutus, thc-hydra

recursive wget. 

dinis cruz's tools for a .net environment, i don't know of automated
tools for the others, might have to use checklists.

OSVDB for vulns

Depending on the app design itself, a good amount of CSS/SQL injection. 
I like to submit lots of different variants simultaneously, far beyond
the du jour <script>...

I'm also partial to the OWASP guide.

Do you have a defined scope yet?

I ask because webapps normally consist of:
http server, application server, application itself, rdbms, host os for
each, plus all the serving network infrastructure

So that would require a code audit, configuration checks of everything,
and an architecture review since some CCIEs think a spf firewall
protects the web server ^^ 

On Wed, 2004-09-15 at 03:09, Anders Thulin wrote:
Andrew Bagrin wrote:

Does anyone know of an application tester similar to AppDetective
thats not as hard on the pocket book?
I need to pentest a web app and am looking for some tools

   Haven't tried AppDetective for Web Applications myself, so I'm
not sure of just what capabilities you're looking for. Nothing
magic I hope. Take a look at:

   * Nikto (http://www.cirt.net/code/nikto.shtml)
     Useful for single-shot exercies, less useful for mass deployment.
     Looks mainly at the server and the server set-up, not the web-site

   * Xenu's Link Sleuth (http://home.snafu.de/tilman/xenulink.html)
     Intended for finding broken links, but also helps enumerate all
     reachable pages on a site, given a starting point (and in some
     cases an account/password).

   * wget (http://www.gnu.org/software/wget/wget.html)
     Freeware -- typically part of free Unixes, including Cygwin
     Useful for getting a 'copy' of the web site: search for keywords,
     comments, etc.

   A SSL-proxy is sometimes useful, as is some kind of brute-force
login tool (THC-Hydra is well known - http://thc.org/)

   And, in general, the book Scambray & Shema: 'Hacking Exposed:
Web Applications' is one of the best places to start preparing for
this kind of exercise.

Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]