
RE: [Full-disclosure] Web application Security Scanner

Let me define my task concretely.

I wish to find quickly potential holes (XSS, SQL injection, etc.) in
any Web site, for example www.yandex.ru. I do not know what OS or database
is used on the server.

Many programs can find only known CGI bugs or need some interaction with
the database or environment.

>I do not actually think that any of the tools listed below are what you are
>looking for.
>* Nikto is a web vulnerability scanner that can identify KNOWN
>vulnerabilities, as well as some variations on them. It is unable to
>understand application logic or identify any custom security
>* Nessus is much like Nikto - only it's not limited to web. 
>* Absinthe is the only tool that can help with custom application
>vulnerabilities, but it's not really an automated scanner such as the one
>you are looking for, but rather assists in the exploitation of SQL Injection.
>It still requires a certain level of expertise to successfully operate.
>I think what you are looking at is rather one of the commercial tools, such
>as SPI Dynamics WebInspect, Watchfire's AppScan or KaVaDo's ScanDo. 
>Ofer Maor
>Hacktics (http://www.hacktics.com/)
>-----Original Message-----
>From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
>[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of tgoogle
>Sent: Monday, June 13, 2005 19:10
>To: full-disclosure@xxxxxxxxxxxxxxxxx
>Cc: deepquest@xxxxxxx
>Subject: Re: [Full-disclosure] Web application Security Scanner
>I shall test all these programs; tomorrow I will send my results. For example, I
>will try to find vulnerabilities in the www.yandex.ru and www.google.ru sites :).
>Do you really consider that all these programs are capable of finding
>vulnerabilities in UNKNOWN scripts?
>I need the BEST program, which can find the maximum number of bugs in any custom Web
>>http://www.nessus.org/download/ with some plugins 
>>The "best" depends on your target, the OS you use, and whether you are looking
>>for open-source products or commercial ones.
>>Just google; there are many of them.
>>"Justification of windows usage is a combination of Stockholm
>>Syndrome and cognitive dissonance."
>>Propaganda              http://deepquest.code511.com/blog
>>FIB                     http://www.futureisbeta.com
>>PGP DH/DSS              http://www.futureisbeta.com/pgp
>>> Do you know the best Web app security scanner?
>>> I need a scanner which would find SQL injections, XSS, PHP includes
>>> and other bugs in unknown Web applications.
>>> Thanks
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>Yandex.Mail: mailbox size is not limited!

"Spamooborona" - mail without spam in your office!  http://so.yandex.ru/
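To make concrete the distinction the thread draws between a scanner that only checks for KNOWN vulnerabilities and one that probes a custom application generically, here is an added Python example; it is not code from any poster, list, or product named above. The target application, its paths, parameter names and database error strings are all constructed stand-ins for an unknown site (there is no network access), and the endpoint list is handed to the scanner as a fixed dictionary where a real tool would first crawl the site to discover it.

```python
"""Minimal black-box web scanner sketch: known-path checks versus generic
parameter probing for reflected XSS and error-based SQL injection.

Everything below runs offline against a constructed in-memory target."""
import re

# --- Constructed target: a stand-in for an unknown custom application. ---
# It mimics a PHP/MySQL site with two pages: /search.php echoes the `q`
# parameter unescaped (reflected XSS) and /item.php concatenates `id` into
# a query, surfacing a MySQL-style error when a quote is unbalanced.
def fake_app(path, params):
    """Return (status, body) for a GET request. Purely illustrative."""
    if path == "/search.php":
        q = params.get("q", "")
        return 200, f"<html><body>Results for: {q}</body></html>"
    if path == "/item.php":
        item_id = params.get("id", "1")
        if "'" in item_id:
            return 500, ("You have an error in your SQL syntax; check the manual "
                         "that corresponds to your MySQL server version")
        return 200, f"<html><body>Item {item_id}</body></html>"
    return 404, "Not Found"

# --- Signature-style check: a list of KNOWN vulnerable paths (hypothetical). ---
# This is the Nikto-like approach: it can only hit what is already in the list,
# so it finds nothing in the custom pages above.
KNOWN_BAD_PATHS = ["/cgi-bin/phf", "/cgi-bin/test-cgi", "/_vti_bin/shtml.dll"]

def scan_known_paths(fetch):
    """Report known paths that answer 200."""
    return [p for p in KNOWN_BAD_PATHS if fetch(p, {})[0] == 200]

# --- Generic probes that need no prior knowledge of the application. ---
XSS_MARKER = "xs7q<\"'>"   # unusual token plus characters that must be encoded
SQL_ERROR_RE = re.compile(
    r"(You have an error in your SQL syntax|ORA-\d{5}|"
    r"unterminated quoted string|Unclosed quotation mark)", re.I)

def probe_params(fetch, path, param_names):
    """Inject a marker and a lone quote into each parameter; flag the marker
    reflected literally (XSS candidate) or a DB error string (SQLi candidate)."""
    findings = []
    for name in param_names:
        _, body = fetch(path, {name: XSS_MARKER})
        if XSS_MARKER in body:  # literal reflection, not &lt;/&quot;-encoded
            findings.append(("reflected-xss", path, name))
        _, body = fetch(path, {name: "1'"})
        if SQL_ERROR_RE.search(body):
            findings.append(("sqli-error", path, name))
    return findings

def run_scan(fetch, endpoints):
    """endpoints: {path: [param, ...]}; a real scanner would crawl for these."""
    results = {"known_paths": scan_known_paths(fetch), "generic": []}
    for path, params in endpoints.items():
        results["generic"].extend(probe_params(fetch, path, params))
    return results

if __name__ == "__main__":
    report = run_scan(fake_app, {"/search.php": ["q"], "/item.php": ["id"]})
    print(report)
```

Against this target the known-path check returns nothing, while the generic probes flag `q` on /search.php and `id` on /item.php. The probes are deliberately crude: a marker reflected inside an HTML attribute versus a text node needs different payloads to be exploitable, a SQL injection that produces no error (blind) is missed entirely, and every hit still has to be confirmed by hand, which is the "level of expertise" the replies above refer to.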