CUM Security Toolkit [CST]
by toxic ocean <toxic (at) blackhat (dot) be>
Platforms: Java
Categories: Auditing, Network, Web
Version: v1.4
URL: http://www.blackhat.be/
This version contains a script scanner that scans using a database of scripts (user editable). The sample databases included contain +700 possibly vulnerable scripts/dirs. You can scan with or without a proxy server. The scanner has 11 different Anti-IDS tactics (hex-values, double slashes, self-reference dirs, parameter hiding and session splicing), and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scan even more. You can also specify a wait time between 2 script fetches. The scanner uses HEAD requests instead of GET for faster scanning, and has support for scanning virtual hosts. You can also specify another port to scan instead of the standard port 80. The scanner outputs the scripts/dirs that return a 200, 403 or 401 HTTP code and outputs the webserver software. I'm probably forgetting some options because there are *a lot* in this new version - you have to try it to see... Also included is a port scanner. It can perform TCP scans, and it outputs the open ports and their replies. A full and comprehensive manual is included, but if you have problems, you can always mail us.

Copyright 2007, SecurityFocus