Acunetix is pretty good...

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of mojorising
Sent: Tuesday, October 13, 2009 4:50 PM
To: Adam Pal
Cc: Scott Race; security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Re[2]: Testing for SQL injection or Cross Site scripting

Hi.

There are a few good tools out there for finding web application
vulnerabilites and it's a good idea run them against your sites before
someone else does. I've used and had good experience with all these
aside from Pantera and Proxmon but I understand they are also quality
tools.

ratproxy - http://code.google.com/p/ratproxy/
Paros - http://www.parosproxy.org
Nikto - http://cirt.net/nikto2
Wapiti - http://sourceforge.net/projects/wapiti/
Proxmon - http://www.isecpartners.com/proxmon.html
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Stu
dio_Project

Also useful for creating your own attacks.
Webscarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://portswigger.net/proxy/

VB, thanks for the list you sent. I'm checking that out now.

If anyone knows of more web application vulnerabilty scanners, I'd
definitely love to hear about them too. Finding such issues is part of
my job (I work for a web development shop) and I'm always looking for
more free/open source tools like this to ensure few/no such bugs slip
through the cracks.

Mike

On 10/10/2009, Adam Pal <pal_adam (at) gmx (dot) net [email concealed]> wrote:
> Hello Scott,
>
> Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ).
> There was once a tool called lilith but i dont know if still exists.
>
>
>
> --
> Best regards,
> Adam Pal
>
> Wednesday, October 7, 2009, 1:57:36 AM, you wrote:
>
> <==============Original message text===============
> SR> Hey everyone,
> SR> Does anyone know of any free SQL injection or XSS tools to scan a
> single
> SR> website? I checked out Acunetix and a few other tools, but they are
> SR> pretty expensive. Not that I don't want to support vendors who make
> SR> good tools, but this project isn't going to make much $$, so free tools
> SR> are our only option if we want to scan to see where we're at.
>
> SR> Thanks in advance!
>
>
>
> SR> Scott
>
> SR>
> ------------------------------------------------------------------------

> SR> Securing Apache Web Server with thawte Digital Certificate
> SR> In this guide we examine the importance of Apache-SSL and who
> SR> needs an SSL certificate. We look at how SSL works, how it
> SR> benefits your company and how your customers can tell if a site is
> SR> secure. You will find out how to test, purchase, install and use a
> SR> thawte Digital Certificate on your Apache web server. Throughout,
> SR> best practices for set-up are highlighted to help you ensure
> SR> efficient ongoing management of your encryption keys and digital
> certificates.
>
> SR>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> SR>
> ------------------------------------------------------------------------

>
> <===========End of original message text===========
>
>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

This email message is a private communication. The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential, privileged, and/or proprietary material. Any review, duplication, retransmission, distribution, or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is unauthorized by the sender and is prohibited. If you have received this message in error, please contact the sender immediately by return email and delete the original message from all computer systems. Thank you.

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]