Penetration Testing mailing list archives
Re: Web Vulnerability Scanner
From: Erin Carroll <amoeba () amoebazone com>
Date: Thu, 12 Oct 2006 21:48:38 +0000 (UTC)
Tareq,

There are many web-app scanners out there, both commercial and OSS. You probably want to pose this question on the webappsec@securityfocus mailing list but I let this post through to the list because list members are always proposing new tools or utilities that I can grab to play with.
Some of the more useful ones to me in pen-testing are Nikto, Suru, Wikto[1], or burpsuite on the OSS front and WebInspect or AppScan on the commercial tool end.
Depending on the codebase and specifics of the webapp you are testing there are a plethora of situation-specific tools out there; from .asp to SQL, to java etc.
[1] Yes, I know these 3 are pretty much similar and that Suru has superseded nikto but each of them has specific usage cases or things they do just a slight bit better than the others.
--
Erin Carroll
Moderator - SecurityFocus pen-test list

On Thu, 12 Oct 2006, Tareq AlKhatib wrote:
Hey all,

I have been asked to look for a good web vulnerability scanner. I already have Nikto and Nessus (free version) in my toolkit. Can anyone recommend a good web scanner?

Yours truly,
Tareq M. AlKhatib

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------