Penetration Testing mailing list archives
Re: Web Application Tester
From: Anders Thulin <Anders.Thulin () tietoenator com>
Date: Wed, 15 Sep 2004 09:09:56 +0200
Andrew Bagrin wrote:
> Does anyone know of an application tester similar to AppDetective that's not as hard on the pocket book? I need to pentest a web app and am looking for some tools

Haven't tried AppDetective for Web Applications myself, so I'm not sure of just what capabilities you're looking for. Nothing magic I hope.

Take a look at:

* Nikto (http://www.cirt.net/code/nikto.shtml)
  Freeware
  Useful for single-shot exercises, less useful for mass deployment. Looks mainly at the server and the server set-up, not the web-site itself.

* Xenu's Link Sleuth (http://home.snafu.de/tilman/xenulink.html)
  Freeware
  Intended for finding broken links, but also helps enumerate all reachable pages on a site, given a starting point (and in some cases an account/password).

* wget (http://www.gnu.org/software/wget/wget.html)
  Freeware -- typically part of free Unixes, including Cygwin
  Useful for getting a 'copy' of the web site: search for keywords, comments, etc.

An SSL-proxy is sometimes useful, as is some kind of brute-force login tool (THC-Hydra is well known - http://thc.org/).

And, in general, the book Scambray & Shema: 'Hacking Exposed: Web Applications' is one of the best places to start preparing for this kind of exercise.

--
Anders Thulin anders.thulin () tietoenator com 040-661 50 63
TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö