Penetration Testing mailing list archives
Re: [PEN-TEST] "Type of webserver"-scanner
From: "Riley, Steven (Security)" <steven.riley () WCOM CO UK>
Date: Wed, 13 Dec 2000 09:13:52 -0000
Whisker is a really good freeware tool that scans for all the cgi-type exploits and it has some nice anti-ids features. I like to use netcat to identify the server and then run whisker to test for any exploits. You can get it at wiretrip.net. I've also used Grinder by Rhino9 in the past which will scan a IP range looking for a particular directory and make a server guess. You can download it at: http://www.technotronic.com/rhino9/software/grinder.htm Steve -----Original Message----- From: Waters, Simon [mailto:Simon () WRETCHED DEMON CO UK] Sent: 12 December 2000 19:37 To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] "Type of webserver"-scanner YAPS is a small shareware port scanner. Not overly sophisticated but produced fairly readable reports with http server amongst other info retrieved. If you already an nmap/perl wizard it isn't for you - who knows your managers could probably run YAPS themselves 8-) Any suggestions for good value (free?) tools testing for common webserver vuln? -- This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, copying or use of this communication or the information in it is strictly prohibited. If you have received this communication in error, please notify the sender immediately and then destroy any copies of it.
Current thread:
- [PEN-TEST] "Type of webserver"-scanner Waters, Simon (Dec 13)
- <Possible follow-ups>
- Re: [PEN-TEST] "Type of webserver"-scanner Riley, Steven (Security) (Dec 14)
- Re: [PEN-TEST] "Type of webserver"-scanner Ken Cutler (Dec 16)
- Re: [PEN-TEST] "Type of webserver"-scanner c0ncept (Dec 16)