Penetration Testing mailing list archives
Re: Web Application Tester
From: Darren Bounds <dbounds () intrusense com>
Date: Sat, 18 Sep 2004 14:51:53 -0400
SPI recently released a comprehensive web app pen testing toolkit. It includes the following:
• Cookie Cruncher - Analyzes strength of cookies to avoid session hijacking
• Encoders/Decoders - Translate different encryption standards
• HTTP Editor - Create and edit HTTP requests
• Regex Tester - Test regular expressions
• SOAP Editor - Automatically generate Web services SOAP requests as well as manually edit
• SPI Fuzzer - HTTP fuzzing or modification of input variables to identify buffer overflows
• SPI Proxy - Stand-alone, self-contained proxy server that you can configure and run on your desktop to monitor traffic for debugging and penetration assessments; view every request and server response while browsing a site
• SQL Injector - Automated SQL injection attacks against Web site to test susceptibility to exploits
• WebBrute - Brute force tool to test strength of usernames and passwords used in login forms or authentication pages
• WebDiscovery - Discovery tool to identify which Web servers and Web applications are behind which ports

Darren Bounds, CISSP
443D 628D 0AC7 CACF 6085 C0E0 B2FC 534B 3D9E 69AF
--
Intrusense - Securing Business As Usual

On Sep 14, 2004, at 6:49 PM, Andrew Bagrin wrote:
Does anyone know of an application tester similar to AppDetective that's not as hard on the pocket book? I need to pentest a web app and am looking for some tools

Thanks,
--
Andrew Bagrin
andrew () bagrin com

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------