-
December 1st, 2004, 04:42 PM
#1
Banned
Apache Vulnerability Scanner
im running a windows port of Apache HTTP Server, which i was hoping to upgrade but due to "MSI" files i get errors so blah. im wondering if someone knows a good tool that i can use to scan my server for vulnerabilities. ive tried n-stealth i believe it is, but it tells me "host not found". so pretty much its of no use to me respectively. any info would be helpful.
-
December 1st, 2004, 05:21 PM
#2
Junior Member
Nessus should do the trick >>> http://nessus.org/
-w00kie
-
December 1st, 2004, 05:23 PM
#3
Senior Member
-
December 2nd, 2004, 12:01 AM
#4
Banned
cool, i found nessus was unix only, but i guess they ported it to windows called NeWT
-
December 2nd, 2004, 04:11 AM
#5
Banned
all the good tools ive found suck. because they are mostly made for unix/linux and are ported to windows they are not as...stable. some require winpcap which crashes my comp every time i install it and try to use a program that requires it. i need someone who has ethics to help me test my web server from a linux/unix based system with these tools. i will give authorization to test my system but not mess with my files. but of course thats a natural thing i place a lot of trust in the experienced user to help me identify my flaws to fix.
-
December 2nd, 2004, 05:04 AM
#6
Senior Member
Originally posted here by karmine
i need someone who has ethics to help me test my web server from a linux/unix based system with these tools. i will give authorization to test my system but not mess with my files.
You are making a mistake never trust a person whom you don't even know how would you determine that the person claiming to be ethical is not a bad boy?
Did you try shadow security scanner?
If not try it.
-
December 2nd, 2004, 10:14 AM
#7
The only thing I can recommend short of finding another machine and setting it up with Linux is using VMWare to install a virtual machine [running Linux - try Knoppix-STD or PHLAK for security-rich distros, they're actually LiveCDs too] and testing your server like that.
It might seem a bit complicated but I assure you it's not... IIRC VMWare comes with a trial version - and for your purposes it should give you enough time to thoroughly test the server out.
Cheers!
/ \\
-
December 3rd, 2004, 03:17 PM
#8
You should also try nikto
-
December 4th, 2004, 03:02 AM
#9
Banned
i cant use nikto. for some reason there is a ver for windows, but it seems i cant find it....thus i need to compile it. and i havent got a good compiler for such projects.
-
December 4th, 2004, 12:23 PM
#10
Member
Originally posted here by hypronix
The only thing I can recommend short of finding another machine and setting it up with Linux is using VMWare to install a virtual machine [running Linux - try Knoppix-STD or PHLAK for security-rich distros, they're actually LiveCDs too] and testing your server like that.
What about Whitehat Knoppix - WHoppix 2.5 ?
WhiteHat Knoppix (WHoppix) is a knoppix 3.6 remaster designed to be a standalone penetration testing toolkit. Heavily modded by muts, WHoppix includes a full set of penetration testing tools and a huge repository of exploits (Framework 2.2, Packetstorm and Securityfocus exploit archives).
http://www.whoppix.net/
It will pretty hard to get a connection for download since they have a lot of traffic.
PS
I did check knoppix website and there is no v 3.7 - the last that i downloaded was 3.6. I didn't look too deep into this though.
Cheers
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|