[BabelWeb] NEW web scanner/analyzer/forcer

From: Stephane Aubert (Stephane.Aubert@hsc-labs.com)
Date: Mon Aug 13 2001 - 03:36:07 PDT

    BabelWeb v1.0
    Stephane Aubert <Stephane.Aubert@hsc-labs.com>
    kotao <kotaoat_private>
    HSC security research labs
    Hervé Schauer Consultants
    Download: http://www.hsc-labs.com/tools/babelweb/
    babelweb was born from the lack of powerful tools for performing
    penetration tests against e-commerce servers. Applications on web servers
    are usually increasingly complex without being increasingly secure. It
    becomes interesting to have a tool that can approach a human in testing
    web applications.
    babelweb is a program that automates tests on an HTTP server. It is
    able to follow links and HTTP redirects, but it is programmed to
    remain on the original server.
    The main goal of babelweb is to obtain information about a remote web
    server and to sort this information. It is thus possible to draw up
    the list of the accessible pages, the cgi scripts met, the various files
    found like .zip, .pdf...
    A summary of this information is written to an HTML file whose name can be
    set with the option --out-HTML.
    The tests/functionalities are:
      . try to identify the server
        (http fingerprint will be available in the next version)
      . test server for proxying
      . scan for links that are usually vulnerable; those links are read
        from the file common_vuln_cgi.txt
      . scan for vulnerable cgi babelweb can exploit
        (only well known vuln. for the public version)
      . web spider
      . analyze spider results
      . show the summary
      . handle cookies
      . follow http redirection
    Three additional functionalities are available:
      . transform babelweb into a TCP port scanner by HTTP proxying
      . transform babelweb into an HTTP brute forcer
      . transform babelweb into a generic generator of requests
    Babelweb can run in different modes:
      . aggressive mode (ie. run exploit when possible)
      . interactive mode (during exploits)
      . crash mode (not public)
      . anti-IDS mode (a la whisker)
      HSC security research labs and more notably:
      . Denis Ducamp for the documentation and the cleverness of his inputs
      . Frédéric Lavecot for his ideas and tests
      . Yann Berthier and Nicolas Jombart for proofreading and their passion