Penetration Testing mailing list archives
Online "Passive" Info Gathering Tools
From: <appsec () technicalinfo net>
Date: Fri, 17 Oct 2003 23:40:42 +0100
Hey there, I have been working to bring together a number of links/forms together to make it simpler to carryout "passive" information gathering phases during an assessment. While there is a vast number of online tools - I have gatherd togther some of my favourites - but I can't appear to find one specific online tool that would be quite useful in alot of cases... specially in the precursor to web application assessments. Does anyone know of, or have, a link to a site that does the following: 1. given an website running HTTPS - can display (and perferably analyse) the SSL certificate in a nice way. 2. connect to website running HTTPS - and chck what versions and encryption levels the server handles (e.g. SSL v.2, SSL v.3, TLS, 40 bit, 56 bit....) 3. (or more flexibly) given a DNS name and specific port - identify the version of SSL/certificate. While there are a number of tools that can do this (such as Nessus) - are there any sites around that provide this level of SSL/HTTPS analysis. Perferably, the hosting site should be reliable and be around for more than a couple of months (trustworthy would be nice too). :-) For those interested, the current collection of tools (and their righful owners links) can be found at: http://www.technicalinfo.net/tools/index.html Cheers, Gunter --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_pen-test_031015 ----------------------------------------------------------------------------
Current thread:
- Online "Passive" Info Gathering Tools appsec (Oct 20)
- Re: Online "Passive" Info Gathering Tools Chris Reining (Oct 20)