Penetration Testing mailing list archives

Re: Web Application Tester


From: brennan stewart <brennan () ideahamster org>
Date: Thu, 16 Sep 2004 02:20:06 -0400

His list looks similar to mine.

firefox + switchproxy, livehttpheaders, googlebar, others = ^^

Dave Aitel's SPIKE Proxy, OWASP WebScarab, Paros

nikto (btw, you could easily get the URLs from different web scanners
and put them directly into the file nikto uses, not sure if ppl have
done that before or not)

nmap (Mr smart admin, why do you have telnet open on your web
application server? No, I am not kidding ^^ )

Brutus, thc-hydra

recursive wget. 

Dinis Cruz's tools for a .NET environment; I don't know of automated
tools for the others, might have to use checklists.

OSVDB for vulns

Depending on the app design itself, a good amount of CSS/SQL injection. 
I like to submit lots of different variants simultaneously, far beyond
the du jour <script>...

I'm also partial to the OWASP guide.

Do you have a defined scope yet?

I ask because webapps normally consist of:
http server, application server, application itself, rdbms, host os for
each, plus all the serving network infrastructure
(routers/switches/firewalls/etc)

So that would require a code audit, configuration checks of everything,
and an architecture review since some CCIEs think a spf firewall
protects the web server ^^ 
 
-b

On Wed, 2004-09-15 at 03:09, Anders Thulin wrote:
Andrew Bagrin wrote:

Does anyone know of an application tester similar to AppDetective
that's not as hard on the pocket book?
I need to pentest a web app and am looking for some tools.

   Haven't tried AppDetective for Web Applications myself, so I'm
not sure of just what capabilities you're looking for. Nothing
magic I hope. Take a look at:

   * Nikto (http://www.cirt.net/code/nikto.shtml)
     Freeware
     Useful for single-shot exercises, less useful for mass deployment.
     Looks mainly at the server and the server set-up, not the web-site
     itself.

   * Xenu's Link Sleuth (http://home.snafu.de/tilman/xenulink.html)
     Freeware
     Intended for finding broken links, but also helps enumerate all
     reachable pages on a site, given a starting point (and in some
     cases an account/password).

   * wget (http://www.gnu.org/software/wget/wget.html)
     Freeware -- typically part of free Unixes, including Cygwin
     Useful for getting a 'copy' of the web site: search for keywords,
     comments, etc.

   An SSL proxy is sometimes useful, as is some kind of brute-force
login tool (THC-Hydra is well known - http://thc.org/)

   And, in general, the book Scambray & Shema: 'Hacking Exposed:
Web Applications' is one of the best places to start preparing for
this kind of exercise.
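The wget step above ("getting a 'copy' of the web site: search for keywords, comments") is the part that is easy to automate once the mirror is on disk. The following is an added example, not code from anyone in this thread: it walks a `wget -r` output directory (the `mirror_root` path is an assumption), pulls every HTML comment out of each page with the standard-library parser, and flags pages whose text contains a keyword from a short watch list, which is what a site owner would run against their own mirror to see what a crawler can read. The two pages in `SAMPLE_SITE` are constructed so the script runs without a real mirror.

```python
"""Review a mirrored web site (e.g. output of `wget -r`) for HTML comments
and sensitive keywords that any crawler could read."""
import os
from html.parser import HTMLParser

# Constructed sample pages, standing in for files saved by wget.
SAMPLE_SITE = {
    "index.html": "<html><!-- TODO: remove debug login before launch -->"
                  "<body><a href='/admin'>admin</a></body></html>",
    "login.html": "<html><body><!-- db password is in config.inc -->"
                  "</body></html>",
}

# Assumed watch list; extend to match what matters on the site under review.
KEYWORDS = ["password", "todo", "admin", "debug", "fixme"]


class CommentCollector(HTMLParser):
    """Collects the text of every <!-- ... --> comment fed to it."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def scan_html(text, keywords=KEYWORDS):
    """Return (comments, sorted keyword hits) for one page's HTML."""
    parser = CommentCollector()
    parser.feed(text)
    parser.close()
    lowered = text.lower()
    return parser.comments, sorted(k for k in keywords if k in lowered)


def scan_mirror(pages):
    """pages maps relative path -> HTML. Returns findings per page."""
    report = {}
    for path, html in pages.items():
        comments, hits = scan_html(html)
        if comments or hits:
            report[path] = {"comments": comments, "keywords": hits}
    return report


def load_mirror(mirror_root):
    """Read every .htm/.html file under a wget mirror directory."""
    pages = {}
    for dirpath, _, files in os.walk(mirror_root):
        for name in files:
            if name.lower().endswith((".htm", ".html")):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    pages[os.path.relpath(full, mirror_root)] = fh.read()
    return pages


if __name__ == "__main__":
    for path, findings in scan_mirror(SAMPLE_SITE).items():
        print(path, findings)
```

To run it against a real mirror, replace `SAMPLE_SITE` with `load_mirror("path/to/wget/output")`.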
