Penetration Testing mailing list archives
Re: Web Application Tester
From: brennan stewart <brennan () ideahamster org>
Date: Thu, 16 Sep 2004 02:20:06 -0400
His list looks similar to mine. firefox + switchproxy, livehttpheaders, googlebar, others = ^^ dave aitel's spike proxy, OWASP webscarab, Paros nikto (btw, you could easily get the URLs from different web scanners and put them directly into the file nikto uses, not sure if ppl have done that before or not) nmap (Mr smart admin, why do you have telnet open on your web application server?, no i am not kidding ^^ ) Brutus, thc-hydra recursive wget. dinis cruz's tools for a .net environment, i don't know of automated tools for the others, might have to use checklists. OSVDB for vulns Depending on the app design itself, a good amount of CSS/SQL injection. I like to submit lots of different variants simultaneously, far beyond the du jour <script>... I'm also partial to the OWASP guide. Do you have a defined scope yet? I ask because webapps normally consist of: http server, application server, application itself, rdbms, host os for each, plus all the serving network infrastructure (routers/switches/firewalls/etc) So that would require a code audit, configuration checks of everything, and an architecture review since some CCIEs think a spf firewall protects the web server ^^ -b On Wed, 2004-09-15 at 03:09, Anders Thulin wrote:
Andrew Bagrin wrote:Does anyone know of an application tester similar to AppDetective thats not as hard on the pocket book? I need to pentest a web app and am looking for some toolsHaven't tried AppDetective for Web Applications myself, so I'm not sure of just what capabilities you're looking for. Nothing magic I hope. Take a look at: * Nikto (http://www.cirt.net/code/nikto.shtml) Freeware Useful for single-shot exercies, less useful for mass deployment. Looks mainly at the server and the server set-up, not the web-site itself. * Xenu's Link Sleuth (http://home.snafu.de/tilman/xenulink.html) Freeware Intended for finding broken links, but also helps enumerate all reachable pages on a site, given a starting point (and in some cases an account/password). * wget (http://www.gnu.org/software/wget/wget.html) Freeware -- typically part of free Unixes, including Cygwin Useful for getting a 'copy' of the web site: search for keywords, comments, etc. A SSL-proxy is sometimes useful, as is some kind of brute-force login tool (THC-Hydra is well known - http://thc.org/) And, in general, the book Scambray & Shema: 'Hacking Exposed: Web Applications' is one of the best places to start preparing for this kind of exercise.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Web Application Tester Andrew Bagrin (Sep 14)
- Re: Web Application Tester A.R. (Sep 15)
- Re: Web Application Tester Anders Thulin (Sep 15)
- Re: Web Application Tester cbc (Sep 16)
- Re: Web Application Tester brennan stewart (Sep 16)
- Re: Web Application Tester Danux (Sep 15)
- Re: Web Application Tester Mambo Dsouza (Sep 16)
- Re: Web Application Tester GUsh-T (Sep 16)
- Re: Web Application Tester Darren Bounds (Sep 21)
- <Possible follow-ups>
- Re: Web Application Tester mkraisi (Sep 15)
- RE: Web Application Tester Hayden Searle (Sep 15)
- Re: Web Application Tester Mambo Dsouza (Sep 16)
- RE: Web Application Tester John Floyd (Sep 16)
- RE: Web Application Tester chuan.delahosseraye (Sep 16)
- RE: Web Application Tester A.R. (Sep 18)
(Thread continues...)