Apache Vulnerability Scanner

**karmine** · December 1st, 2004, 04:42 PM

im running a windows port of Apache HTTP Server, which i was hoping to upgrade but due to "MSI" files i get errors so blah. im wondering if someone knows a good tool that i can use to scan my server for vulnerabilities. ive tried n-stealth i believe it is, but it tells me "host not found". so pretty much its of no use to me respectively. any info would be helpful.

**w00kie** · December 1st, 2004, 05:21 PM

Nessus should do the trick >>> http://nessus.org/

-w00kie

**littlenick** · December 1st, 2004, 05:23 PM

search on http://packetstormsecurity.nl for the same

**karmine** · December 2nd, 2004, 12:01 AM

cool, i found nessus was unix only, but i guess they ported it to windows called NeWT

**karmine** · December 2nd, 2004, 04:11 AM

all the good tools ive found suck. because they are mostly made for unix/linux and are ported to windows they are not as...stable. some require winpcap which crashes my comp every time i install it and try to use a program that requires it. i need someone who has ethics to help me test my web server from a linux/unix based system with these tools. i will give authorization to test my system but not mess with my files. but of course thats a natural thing

i place a lot of trust in the experienced user to help me identify my flaws to fix.

**littlenick** · December 2nd, 2004, 05:04 AM

Originally posted here by karmine
i need someone who has ethics to help me test my web server from a linux/unix based system with these tools. i will give authorization to test my system but not mess with my files.

You are making a mistake never trust a person whom you don't even know how would you determine that the person claiming to be ethical is not a bad boy?
Did you try shadow security scanner?
If not try it.

***hypronix*** · December 2nd, 2004, 10:14 AM

The only thing I can recommend short of finding another machine and setting it up with Linux is using VMWare to install a virtual machine [running Linux

- try Knoppix-STD or PHLAK for security-rich distros, they're actually LiveCDs too] and testing your server like that.

It might seem a bit complicated but I assure you it's not... IIRC VMWare comes with a trial version - and for your purposes it should give you enough time to thoroughly test the server out.

Cheers!

**hongkongdragon** · December 3rd, 2004, 03:17 PM

You should also try nikto

**karmine** · December 4th, 2004, 03:02 AM

i cant use nikto. for some reason there is a ver for windows, but it seems i cant find it....thus i need to compile it. and i havent got a good compiler for such projects.

**ghostintheruins** · December 4th, 2004, 12:23 PM

Originally posted here by hypronix
The only thing I can recommend short of finding another machine and setting it up with Linux is using VMWare to install a virtual machine [running Linux - try Knoppix-STD or PHLAK for security-rich distros, they're actually LiveCDs too] and testing your server like that.

What about Whitehat Knoppix - WHoppix 2.5 ?

WhiteHat Knoppix (WHoppix) is a knoppix 3.6 remaster designed to be a standalone penetration testing toolkit. Heavily modded by muts, WHoppix includes a full set of penetration testing tools and a huge repository of exploits (Framework 2.2, Packetstorm and Securityfocus exploit archives).

http://www.whoppix.net/

It will pretty hard to get a connection for download since they have a lot of traffic.

PS
I did check knoppix website and there is no v 3.7 - the last that i downloaded was 3.6. I didn't look too deep into this though.

Cheers

Thread: Apache Vulnerability Scanner

Thread Tools

Display

Apache Vulnerability Scanner

Posting Permissions