Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] "Type of webserver"-scanner

From: "Riley, Steven (Security)" <steven.riley () WCOM CO UK>
Date: Wed, 13 Dec 2000 09:13:52 -0000
Whisker is a really good freeware tool that scans for all the cgi-type
exploits and it has some nice anti-ids features.

I like to use netcat to identify the server and then run whisker to test for
any exploits.

You can get it at wiretrip.net.

I've also used Grinder by Rhino9 in the past which will scan a IP range
looking for a particular directory and make a server guess. You can download
it at:

http://www.technotronic.com/rhino9/software/grinder.htm

Steve

-----Original Message-----
From: Waters, Simon [mailto:Simon () WRETCHED DEMON CO UK]
Sent: 12 December 2000 19:37
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] "Type of webserver"-scanner


YAPS is a small shareware port scanner. Not overly
sophisticated but produced fairly readable reports with http
server amongst other info retrieved.

If you already an nmap/perl wizard it isn't for you - who
knows your managers could probably run YAPS themselves
8-)

Any suggestions for good value (free?) tools testing for
common webserver vuln?
--
This communication contains information which is confidential and
may also be privileged.  It is for the exclusive use of the
intended recipient(s).  If you are not the intended recipient(s),
please note that any distribution, copying or use of this
communication or the information in it is strictly prohibited.
If you have received this communication in error, please notify
the sender immediately and then destroy any copies of it.
Previous By Date Next
Previous By Thread Next

Current thread: