|
(Page 5 of 9) < Prev 1 2 3 4 5 6 7 8 9 Next > Category: Auditing » Network » Web The OpenAntivirus Project: Summary Added 2003-09-04 Developing Open Source AntiVirus Solutions Nikto Added 2003-06-16 Nikto is a PERL, open source web server scanner which supports SSL. Based on LibWhisker, it has features which Whisker 1.4 lacks, including proxy support, host authentication, and SSL. Nikto checks for (and if possible attempts to exploit) remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site.Nikto is a PERL, open source web server scanner which supports SSL. Based on LibWhisker, it has features which Whisker 1.4 lacks, including proxy support, host authentication, and SSL. Nikto checks for (and if possible attempts to exploit) remote web server vulnerabilities and misconfigurations. It also looks for outdated software and modules, warns of any version specific problems, supports scans through proxies (with authentication), host Basic authentication and more. Data is kept in CSV format databases for easy maintenance, and supports the ability to automatically update local databases with current versions on the Nikto web site. Visual Interactive Datapipe (Vida) Added 2002-07-19 Visual Interactive Datapipe (Vida) is an interactive visual datapipe for all *nix systems, which allows socket communications to be redirected over pipes. It features an ncurses interface that allows the creation of multiple datapipes, each supporting multiple connections. It is possible to sniff and log traffic in various ways, hijack piped connections, perform DNS hijacking on switched LANs, and much more. nstalker-chunked.c Added 2002-06-26 nstalker-chunked.c is free and open-source, so try it out. The program uses a sophisticated method to find susceptible servers - not just banner checking. WebProxy Added 2002-04-26 WebProxy 1.0 is a cross-platform/browser security tool for use in auditing web sites. Installed as a proxy for your browser, WebProxy allows you to intercept, modify, log, and re-submit requests, both HTTP and HTTPS. Editing capabilities include parsing of query parameters, request headers, and POST parameters, as well as cookie editing. The convenient "browse from here" capability allows you to edit and resubmit previous requests and continue browsing on from the returned page. Request interception allows on-the-fly editing of requests based on a matching regular expression. There is also dynamic certificate generation. Use WebProxy for SQL injection, cookie manipulation, parameter testing, or simply monitoring of requests. ELZA Added 2002-04-23 The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicing browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tool. Metis Added 2002-04-16 This is a tool I write to collect information from web servers. This was written for the Open Source Security Testing Methodology (OSSTM) located on http://www.ideahamster.org/osstmm-description.htm. If you get OutOfMemory errors, it means that the site you are scanning is quite big and you need to grow the heap size by using the -Xms option. By default, the metis.bat will set it to 150. Panoptis Added 2002-04-08 Panoptis is a tool to detect and stop DoS/DDoS attacks. It relies on data provided by NetFlow-enabled routers, and includes functionality to cooperate with other "Panoptis" detectors in order to trace the attack back to its source. VoidEye CGI scanner Added 2002-03-25 VoidEye CGI scanner, build 461. Scans for 78 known vulnerabilities. Runs on: win9x, winNT, win2000. Features: user can add his own holes, editing "exp.dat" in any text editor or via program interface, user can process a site list, editing it via the program interface or the file "servers.dat", scanner can work via a proxy, for more security. Multi-threaded and fast. By Duke. Typhon Added 2002-02-06 Typhon, an updated version of Cerberus Internet Scanner, is a vulnerability assessment tool. It will scan a given host for known security holes and vulnerabilities. It does this by looking at the services offered by a host and each of these are examined for holes. For example, Typhon will check for over 180 known vulnerabilities in the web service or daemon offered by a server. Once a scan has been completed a report in HTML is produced detailing what security holes were found, the impact of those holes and how to fix them. Once these holes have been removed then the host will be more secure against attacks. As new vulnerabilities are discovered almost on a daily basis it is necessary to ensure that the Typhon is kept upto date and hosts are scanned on a regular basis. Browse by category |
|
|
Privacy Statement |
