Web site security testing tools
Results 1 to 10 of 10

Thread: Web site security testing tools

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    181

    Question Web site security testing tools

    I'm interested to find out what tools people use when testing the security of web sites

    I mainly use a web browser, and Achilles http://www.digizen-security.com/downloads.html (currently not working) I find that these two together will cover about 95% of the testing. The other tool I often use is Whisker this can be found at http://www.wiretrip.net/rfp/8/index.asp

    So what tools do you use?

    (Now I know some people are going to get the wrong idea about this tread, but it's NOT a " I'm a script kidde, I need a tool to hack this web site " thread. I hope that people will understand this)

    <EDIT>
    Well the link above for Achilles has died, no idea why, it worked the other day, I have had a look to see if there is another source for the download and was unable to find one. This program is NOT the same as Achilles anti virus. If you wont to have a look for your self try "Achilles proxy" as your search term.

    If anyone finds a working download, please let me know so I can adjust this post
    </EDIT>

    <EDIT>
    To solve this problem here is Achilles

    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    NMAP - www.insecure.org

    Nessus - www.nessus.com

    Those are the two that I use frequently. There are some others out there, but these get the job done for me.

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Are you sure that link to Achilles is correct? I get a completely unrelated page when I go there.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Other than the previously mentioned tools, I would also use the following:

    LANGuard -> http://www.webattack.com/get/languardscan.shtml (Im under the impression that version 2 is free)
    Typhon (aka Cerberus) -> http://www.nextgenss.com/ (version 1 is free)
    Fx-Scanner -> www.fx-tools.net (free)
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  5. #5
    Junior Member
    Join Date
    Aug 2002
    Posts
    22
    props to the web browser

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Sorry Angrys Back I don't understand what you mean by

    props to the web browser
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    I am a fan of the tools below..

    Originally posted here by Sgt_B
    NMAP - www.insecure.org

    Nessus - www.nessus.com

    Those are the two that I use frequently. There are some others out there, but these get the job done for me.
    And to add a few favorites to the list.

    DSniff
    NBTScan
    Ethereal
    PureSecure & Snort

    You can find all above for both win32 and *nix systems except Nessus deamon which has to be run on *nix (client is available for win32).

    A good to have add-on for win32 is WinPcap . This is an architecture for packet capture and network analysis for the Win32 platforms, many tools are dependant on this packet driver or similiar drivers to work well (or at all).

    Ethereal are a network analyzer, puresecure and snort IDS systems. I added those cause they are valuable when you want to find out what happens in your network. IMHO its not enough just to scan a server its also good to see what really happens on the network level and to see the response of the targeted system can provide you with important information.

    ~micael

  8. #8
    Senior Member
    Join Date
    Nov 2002
    Posts
    174
    Mike Reilly
    bluebeard96@yahoo.com

  9. #9
    Junior Member
    Join Date
    Oct 2002
    Posts
    1

    Analyzer

    While your at http://winpcap.polito.it/ getting WinPcap, grap Analyzer 2 from http://analyzer.polito.it/.

  10. #10
    Banned
    Join Date
    Dec 2002
    Posts
    394
    I'm new to this security stuff guess, i better catch ^ with time.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •