
Thread: Web site security testing tools

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    181

    Question Web site security testing tools

    I'm interested to find out what tools people use when testing the security of web sites.

    I mainly use a web browser and Achilles http://www.digizen-security.com/downloads.html (currently not working). I find that these two together will cover about 95% of the testing. The other tool I often use is Whisker; this can be found at http://www.wiretrip.net/rfp/8/index.asp

    So what tools do you use?

    (Now I know some people are going to get the wrong idea about this thread, but it's NOT a "I'm a script kiddie, I need a tool to hack this web site" thread. I hope that people will understand this.)

    <EDIT>
    Well, the link above for Achilles has died, no idea why, it worked the other day. I have had a look to see if there is another source for the download and was unable to find one. This program is NOT the same as Achilles anti virus. If you want to have a look for yourself, try "Achilles proxy" as your search term.

    If anyone finds a working download, please let me know so I can adjust this post.
    </EDIT>

    <EDIT>
    To solve this problem here is Achilles

    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    NMAP - www.insecure.org

    Nessus - www.nessus.com

    Those are the two that I use frequently. There are some others out there, but these get the job done for me.

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    Are you sure that link to Achilles is correct? I get a completely unrelated page when I go there.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Other than the previously mentioned tools, I would also use the following:

    LANGuard -> http://www.webattack.com/get/languardscan.shtml (I'm under the impression that version 2 is free)
    Typhon (aka Cerberus) -> http://www.nextgenss.com/ (version 1 is free)
    Fx-Scanner -> www.fx-tools.net (free)
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.

  5. #5
    Junior Member
    Join Date
    Aug 2002
    Posts
    22
    props to the web browser

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Sorry Angrys Back I don't understand what you mean by

    props to the web browser
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    I am a fan of the tools below..

    Originally posted here by Sgt_B
    NMAP - www.insecure.org

    Nessus - www.nessus.com

    Those are the two that I use frequently. There are some others out there, but these get the job done for me.
    And to add a few favorites to the list.

    DSniff
    NBTScan
    Ethereal
    PureSecure & Snort

    You can find all of the above for both win32 and *nix systems, except the Nessus daemon, which has to be run on *nix (a client is available for win32).

    A good-to-have add-on for win32 is WinPcap. This is an architecture for packet capture and network analysis for the Win32 platforms; many tools are dependent on this packet driver or similar drivers to work well (or at all).

    Ethereal is a network analyzer; PureSecure and Snort are IDS systems. I added those because they are valuable when you want to find out what happens in your network. IMHO it's not enough just to scan a server; it's also good to see what really happens on the network level, and seeing the response of the targeted system can provide you with important information.

    ~micael

  8. #8
    Senior Member
    Join Date
    Nov 2002
    Posts
    174
    Mike Reilly
    bluebeard96@yahoo.com

  9. #9
    Junior Member
    Join Date
    Oct 2002
    Posts
    1

    Analyzer

    While you're at http://winpcap.polito.it/ getting WinPcap, grab Analyzer 2 from http://analyzer.polito.it/.

  10. #10
    I'm new to this security stuff; guess I'd better catch up with time.
