RE: Snort IIS Signature Tester for Windowz

["Hicks, John" <JHicks () JUSTICE GC CA>]

Cool idea, though i'm not sure why ... both Whisker and Nikto (based on lib
whisker) are very well supported and include a wealth of attack strings for
almost every O/S, and are mostly regarded as the defacto standard for web
server testing.

whisker: http://www.wiretrip.net/rfp/p/doc.asp/i7/d21.htm
nikto: http://www.cirt.net/code/nikto.shtml

As for the problem with some signatures ... have you tried using netcat to
connect to the server insteaad of wget?


just some thoughts,

John

-----Original Message-----
From: Scot Scot [mailto:scotw () hotmail com]
Sent: Thursday, July 11, 2002 12:40 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort IIS Signature Tester for Windowz


Alrighty folks, a little testing tool that runs on the windows platform to
share here. Its just something I threw together real quick.

You will need to re-name httpattack to httpattack.bat. Also you will need
wget.exe (ported to Windows). You can get it from:
http://unxutils.sourceforge.net/

*nix~ers, you should be able to run this bad-boy as well; direct from your
shell of choice.

CAUTION!! This tool will trigger alerts in Snort and several other IDS's. Do
NOT use without
authorization.

Read the ReadMe.txt for a description and instructions.

Any feedback or ideas for improvements are welcome.

Thank~Ya,

Scot Wiedenfeld

"It's All About The Pentium"     -Weird Al




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
PC Mods, Computing goodies, cases & more
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users