Penetration Testing mailing list archives
Re: Paros alternative
From: gat0r <gat0r () toughguy net>
Date: Fri, 13 Apr 2007 18:36:48 -0600
Try proxmon: http://www.isecpartners.com/proxmon.html

It works with WebScarab.

On 4/13/07 6:45 AM, "Serg B." <sergicles () gmail com> wrote:

I don't know of any "pen-test" tool that does an alternative to what you have already mentioned (within the Open Source realm anyway); however, you may want to look at Selenium (http://www.openqa.org/selenium/). This is a JS web application testing tool; essentially it is just a harness that you feed small JS test scripts and the rest is taken care of for you. Therefore, if you know what you are doing and don't mind coding a little, Selenium is worth a try.

On 12/04/07, Paul Sebastian Ziegler <psz () observed de> wrote:

Hi all,

I stumbled across Paros quite a while ago. It has been really nice to work with, providing an easy "click and run" interface. However there are some limitations to it that are becoming more and more obvious.

1) It has not been updated for half a year. (Ok, this is probably the least significant problem.)
2) Java is great for platform independence and stuff - but it's just slow. You don't even have to scan across an intranet to find this out. Even if you scan through a custom 2000/200 kbps line the limiting factor will be your processor and not your bandwidth. (2GHz Pentium M - results may vary)
3) It lacks deep configurations. Of course you can set all your basic stuff, but you have no access to the routines called afterwards unless you hack up the source yourself. Now again this is normal for a click and run tool.
4) The logs it creates are _huge_. 2GB and more are not seldom at all. This sometimes raises startup and resume times to 30+ minutes.
5) some more.

This is not a flame. I actually like Paros. Just wanted to sketch what troubled my mind.

This is why I started searching for alternatives. Now - as you might expect - asking Google for "paros alternatives" mostly turns up Greek villages. That's not really what I'm after.

I found a few good programs but they all lack some key features.
For example:

I) WebScarab (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
Really nice for packet-manipulation and manual fuzzing of webapps. However it lacks standardized tests and automation.

II) Nikto (http://www.cirt.net/code/nikto.shtml)
Mostly pattern matching without strong generic tests for XSS, CRLF or SQL-Injection.

III) Burpsuite (http://portswigger.net/suite/)
Another really nice tool. Here you get all the options. However automation is missing up until now.

So this is my question:
Does anybody (know|use|develop) a (tool|script|app) that carries out partially or completely automated tests on web applications, runs on Linux or BSD, is open source and copes with some of the points given above?

If so, please let me know.

Thanks in advance

Many Greetings
Paul

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Current thread:
- Paros alternative Paul Sebastian Ziegler (Apr 13)
- Re: Paros alternative Jerome Athias (Apr 13)
- Re: Paros alternative Serg B. (Apr 13)
- Re: Paros alternative gat0r (Apr 13)
- Re: Paros alternative Benny Tsai (Apr 13)
- Re: Paros alternative Frederic Charpentier (Apr 13)
- Re: Paros alternative killy (Apr 14)
- <Possible follow-ups>
- Re: Paros alternative krymson (Apr 13)