Penetration Testing mailing list archives
Re: Looking for good Brute-Force Web form auditing tool
From: kapil assudani <kapil.assudani () yahoo com>
Date: Sat, 10 Jun 2006 12:23:01 -0700 (PDT)
Hi, If you are ready to shed some money from your pockets ...burp suite professional has a lot of cool bruteforcing features esp multithreading various requests for bruteforcing , saving results etc etc...200 bucks approx... I am not an employee of portswigger :) an FYI..but its a one stop shop as a web proxy, brute forcing web forms, HTTP requests in its intruder part etc etc. Lik i said am a big fan of burpe suite --the professional version takes it to the next level thanks secNerd --- Christine Kronberg <seeker () shalla de> wrote:
On Fri, 9 Jun 2006, loki74 () gmail com wrote:Looking for a good web form brute force auditingtool. I must be able to use word lists, passwords and have extensive logging. Not really comfortable with all the freeware (as I have know idea what it is really doing). I have tried brutus, and burp suite though. I am looking for a faster, more robust tool. Free is the not the most important factor, speed and reporting is. Do I understand correctly? You want to brute force a webbased authentication? I'm quite happy with the latest hydra. It now supports testing on forms (you can enter, what hydra must look for). User and password lists are supported as well. The speed depends on a) the computer you use, b) your target and the c) the net in between. Be careful when testing over ssl. I nearly DoS'ed a target with such an attack (the customers wanted the brute force test but, of course, no DoS). What exactly do you mean by "extensive logging"? Hydra gives some statistics and the found user/pw combinations. What else is required? Regards, Christine Kronberg.
------------------------------------------------------------------------------
This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Looking for good Brute-Force Web form auditing tool loki74 (Jun 09)
- Re: Looking for good Brute-Force Web form auditing tool Christine Kronberg (Jun 09)
- Re: Looking for good Brute-Force Web form auditing tool kapil assudani (Jun 10)
- Re: Looking for good Brute-Force Web form auditing tool Art Cooper (Jun 09)
- Re: Looking for good Brute-Force Web form auditing tool Jordan Wiens (Jun 12)
- Re: Looking for good Brute-Force Web form auditing tool A. Ramos (Jun 13)
- Re: Looking for good Brute-Force Web form auditing tool Christine Kronberg (Jun 09)