Penetration Testing mailing list archives

Re: Automatic web application security profiling


From: Volker Tanger <vtlists () wyae de>
Date: Wed, 9 Sep 2009 11:00:55 +0200

Hi!

On Sat, 5 Sep 2009 18:52:01 +0530,
D Adusumalli <asndpp () gmail com> wrote:
> Open source web proxies BURP, WebScarab have spidering ability.
>
> On Thu, Jul 16, 2009 at 7:12 AM, John Beck <jbeck59 () hotmail com> wrote:
>
>> I am about to start an application layer security assessment of a web
>> application and I am searching for a quick method of identifying "most"
>> of the inputs of a JSP/tomcat web application (remotely, without source
>> code access).

Burp, WebScarab et al. don't summarize form usage - if you have a
search form on each page, every single page will be listed as form.
:-/

Thus I wrote the "Thekla" spider for exactly this purpose
        http://www.wyae.de/software/thekla/

It consolidates all forms and their resulting action CGI interface as
well as parameter-laden URLs into neat text/CSV files.

If you use it, comments and suggestions are welcome.

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
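
The consolidation described in the message above, as an added example that is not part of the original post and is not Thekla's code: forms and parameter-laden links from several pages are merged into one row per method and path. The class and function names, the CSV columns and the `app.example` pages are assumptions constructed for illustration.

```python
import csv, io
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl
class InputCollector(HTMLParser):  # one (method, path, names) per form or query link
    def __init__(self, base):
        super().__init__()
        self.base, self.found, self._form = base, [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = urljoin(self.base, a.get("action") or "")  # no action: same URL
            self._form = [(a.get("method") or "get").upper(), urlsplit(action).path, set()]
        elif tag in ("input", "select", "textarea") and self._form and a.get("name"):
            self._form[2].add(a["name"])
        elif tag == "a" and a.get("href"):
            u = urlsplit(urljoin(self.base, a["href"]))
            names = {k for k, _ in parse_qsl(u.query, keep_blank_values=True)}
            if names:
                self.found.append(("GET", u.path, names))
    def handle_endtag(self, tag):
        if tag == "form" and self._form:
            self.found.append(tuple(self._form))
            self._form = None

def consolidate(pages):  # {url: html} -> {(method, path): {"params", "pages"}}
    table = {}
    for url, html in pages.items():
        parser = InputCollector(url)
        parser.feed(html)
        for method, path, names in parser.found:
            row = table.setdefault((method, path), {"params": set(), "pages": set()})
            row["params"] |= names  # union of field names seen for this interface
            row["pages"].add(url)   # a form repeated on every page stays one row
    return table

def to_csv(table):
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["method", "path", "params", "seen_on_pages"])
    for (method, path), row in sorted(table.items()):
        w.writerow([method, path, " ".join(sorted(row["params"])), len(row["pages"])])
    return out.getvalue()

SEARCH = '<form action="/search.jsp"><input name="q"><input type="submit"></form>'
PAGES = {  # constructed sample: the same search form appears on every page
    "http://app.example/index.jsp": SEARCH + '<a href="item.jsp?id=1">one</a>',
    "http://app.example/about.jsp": SEARCH + '<a href="/item.jsp?id=2&amp;lang=en">two</a>',
    "http://app.example/login.jsp": SEARCH + '<form method="post"><input name="user"><input name="pass"></form>',
}
if __name__ == "__main__": print(to_csv(consolidate(PAGES)))
```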
