Full Disclosure mailing list archives
RE: Web application Security Scanner
From: "tgoogle" <tgoogle () yandex ru>
Date: Mon, 13 Jun 2005 21:45:27 +0400 (MSD)
OK, I will define my task concretely. I wish to quickly find potential holes (XSS, SQL injection, etc.) in any Web site, for example www.yandex.ru. I do not know what OS or database is used on the server. Many programs can find only known CGI bugs or need some interaction with the database or environment.

I do not actually think that any of the tools listed below are what you are looking for.

* Nikto is a web vulnerability scanner that can identify KNOWN vulnerabilities, as well as some variations on them. It is unable to understand application logic or identify any custom security vulnerabilities.
* Nessus is much like Nikto - only it's not limited to web.
* Absinthe is the only tool that can help with custom application vulnerabilities, but it's not really an automated scanner such as the one you are looking for, but rather a tool assisting the exploitation of SQL Injection. It still requires a certain level of expertise to successfully operate.

I think what you are looking at is rather one of the commercial tools, such as SPI Dynamics WebInspect, Watchfire's AppScan or KaVaDo's ScanDo.

Ofer Maor
CTO
Hacktics (http://www.hacktics.com/)

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of tgoogle
Sent: Monday, June 13, 2005 19:10
To: full-disclosure () lists grok org uk
Cc: deepquest () mac com
Subject: Re: [Full-disclosure] Web application Security Scanner

Thanks, I shall test all these programs, tomorrow I will send my results. For example, I try to find vulnerabilities in www.yandex.ru and www.google.ru sites :). You really consider that all these programs are capable of finding vulnerabilities in UNKNOWN scripts? I need the BEST program, which can find the maximum number of bugs in any custom Web application.

http://www.0x90.org/releases/absinthe/
http://www.nessus.org/download/ with some plugins
http://www.cirt.net/code/nikto.shtml

The "best" depends on your target, the OS you use, if you are looking for opensource products or commercial ones. Just google, there are many of them.

Deepquest

"Justification of windows usage is a combination of Stockholm Syndrome and cognitive dissonance."
--------------------------------------------------------------
Propaganda http://deepquest.code511.com/blog
FIB http://www.futureisbeta.com
PGP DH/DSS http://www.futureisbeta.com/pgp
--------------------------------------------------------------

Do you know the best Web app security scanner? I need a scanner which would find SQL injections, XSS, php include and other bugs in an unknown Web application. Thanks

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/