Penetration Testing mailing list archives
Re: Automatic web application security profiling
From: Volker Tanger <vtlists () wyae de>
Date: Wed, 9 Sep 2009 11:00:55 +0200
Hi!

On Sat, 5 Sep 2009 18:52:01 +0530, D Adusumalli <asndpp () gmail com> wrote:

> Open source web proxies BURP, WebScarab have spidering ability.
>
> On Thu, Jul 16, 2009 at 7:12 AM, John Beck <jbeck59 () hotmail com> wrote:
>> I am about to start an application layer security assessment of a web
>> application and I am searching for a quick method of identifying "most"
>> of the inputs of a JSP/tomcat web application (remotely, without source
>> code access).

Burp, WebScarab et al. don't summarize form usage - if you have a search form on each page, every single page will be listed as form. :-/

Thus I wrote the "Thekla" spider for exactly this purpose

http://www.wyae.de/software/thekla/

It consolidates all forms and their resulting action CGI interface as well as parameter-laden URLs into neat text/CSV files.

If you use it, comments and suggestions are welcome.

Bye

Volker

--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
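Added example, not Thekla's code and not part of the original post: a small sketch of the consolidation the message describes, folding repeated forms and parameter-laden links into one CSV row per method and endpoint. The page URLs, HTML and the names `FormCollector`, `consolidate` and `to_csv` are constructed for illustration, and it parses already-fetched pages rather than crawling.

```python
import csv, io
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

SAMPLE_PAGES = {  # constructed sample crawl; the search form repeats on both pages
    "http://app.example/index.jsp": '<form action="/search.jsp"><input name="q"></form>'
        '<a href="item.jsp?id=1">1</a><a href="item.jsp?id=2&amp;sort=asc">2</a>',
    "http://app.example/help/faq.jsp": '<form action="/search.jsp"><input name="q"></form>'
        '<form method="post" action="../login.jsp"><input name="user"><input name="pass"></form>',
}

class FormCollector(HTMLParser):
    """Collect [method, action, field names] per form, plus every link href."""
    def __init__(self):
        super().__init__()
        self.forms, self.links, self._cur = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":  # a missing method defaults to GET, a missing action to the page itself
            self._cur = [(a.get("method") or "GET").upper(), a.get("action") or "", set()]
            self.forms.append(self._cur)
        elif tag in ("input", "select", "textarea") and self._cur and a.get("name"):
            self._cur[2].add(a["name"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def consolidate(pages):
    """pages: {url: html}. Returns {(method, endpoint): [param names, pages seen on]}."""
    seen = {}
    for page, html in pages.items():
        c = FormCollector()
        c.feed(html)
        hits = [(m, urljoin(page, action), names) for m, action, names in c.forms]
        hits += [("GET", urljoin(page, h), set()) for h in c.links if "?" in h]
        for method, url, names in hits:
            u = urlsplit(url)  # the query string is folded into the parameter set
            entry = seen.setdefault((method, f"{u.scheme}://{u.netloc}{u.path}"), [set(), set()])
            entry[0] |= names | {k for k, _ in parse_qsl(u.query, keep_blank_values=True)}
            entry[1].add(page)
    return seen

def to_csv(seen):
    out = io.StringIO()
    rows = [(m, ep, " ".join(sorted(p)), len(pg)) for (m, ep), (p, pg) in sorted(seen.items())]
    csv.writer(out).writerows([("method", "endpoint", "parameters", "seen_on_pages"), *rows])
    return out.getvalue()
```

Calling `to_csv(consolidate(SAMPLE_PAGES))` yields three data rows even though the search form occurs twice; the last column records on how many pages each input was seen.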