Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: spider web scanner

From: Dan Crowley <dcrowley () coresecurity com>
Date: Mon, 20 Dec 2010 10:14:59 -0500
Skipfish has been my preferred web vulnerability scanner as of late.
It's free, does the spidering for you, and will do some brute forcing to
find hidden directories with easily guessed names.

Just make sure you either run it against a test server or throttle it.
Most people find that skipfish with default settings also works nicely
as a DDoS tool against most web servers which aren't high-performance or
sitting behind load balancers. ;)

On 12/17/2010 2:13 AM, modversion wrote:

hi list:
  Anybody could suggest a web scanner with the following functions:
1.It could import many domain and subdomain for scan.
2.Acting as a spider could find subdomain and directory.
3.support customs url check which can work with spidered result

thanks in advanced!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: