Re: Know such a web's server tool?

From: morning_wood (se_cur_ityat_private)
Date: Thu Jul 17 2003 - 12:36:31 PDT

Next message: Alfred Huger: "Vacation Troller - Ignore (1 of 2)"

Previous message: Alfred Huger: "New Articles @ SecurityFocus"
In reply to: Paul Vet: "RE: Know such a web's server tool?"
Next in thread: Alvin Oga: "RE: Know such a web's server tool? -- huh"
Next in thread: Bill Weiss: "Re: Know such a web's server tool?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://cirt.net has Nikto ( vuln scanner ) and I maintain a win32 binary
port of the .pl for those without perl support.
Wnikto32 may be obtained at
http://exploitlabs.com/files/woods/wnikto32-1.3c.zip
and just released today,
Wnikto32 with php remote frontend avail at
http://exploitlabs.com/files/woods/wnikto32-phpfe.zip
please note the php front end is very alpha, but does work very nicely.

Donnie Werner
http://exploitlabs.com



----- Original Message ----- 
From: "Paul Vet" <paul.vetat_private>
To: "MARTIN M. Bénoni" <benoni_martinat_private>;
<pen-testat_private>
Sent: Thursday, July 17, 2003 9:16 AM
Subject: RE: Know such a web's server tool?


> Except for trying actual exploits, give nmap
(http://www.insecure.org/nmap/)
> a shot.  It's very powerful on its own, and CPAN has some perl modules
> (http://search.cpan.org/search?query=nmap) to control it if you're
feeling
> creative.
>
> You might want to consider Nessus (http://www.nessus.org/) for it's
tests,
> it has an exploit scripting engine (I believe).
>
> If you're willing to pay, there's been some talk on this list about CORE
> Impact, which does that as well.
>
>
> Paul Vet.
>
> > -----Original Message-----
> > From: MARTIN M. Bénoni [mailto:benoni_martinat_private]
> > Sent: July 17, 2003 7:40 AM
> > To: pen-testat_private
> > Subject: Know such a web's server tool?
> >
> >
> > Hi list!
> >
> > I am currently writing an application which will allow to find
> > out all (well
> > the maximum of them! :) ) the servers on a network. Here is how it
works:
> > 1- I feed it with a list of targets (command-line or file): CIDR
subnets,
> > hostnames, IP address(es),..
> > 2- I specify a type of scan: looking for FTP, HTTP, POP, ... servers /
> > intrusive scan or not / ....
> > 3- It tries to find them out.
> > 4- Gets its OS and vulnerabilities. And if desired, it will try to
breack
> > down the systems using the found vulnerabilities.
> > 5- Creates a simple HTML page with the results.
> >
> > I have been wandering around Internet, and I could not find any tool
like
> > that (well doing all these features). So, if you know such a
> > tool, could you
> > tell me about it? If you have any idea/clue/help, feel free to mail me!
> >
> > Cheers!
> >
> > Bénoni-
> >
> > _________________________________________________________________
> > STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
> >
> >
> > ------------------------------------------------------------------
> > ---------
> > Your network Firewall and IDS products do not prevent Web application
> > exploits - the most common form of online attack - resulting in Web
> > defacement, data theft, sabotage and fraud.
> >
> > KaVaDo is the first and only company that provides a complete and an
> > integrated suite of Web application security products, allowing you to
> > assess your entire environment, automatically set positive security
> > policies and maintain it without compromising business performance.
> >
> > For more information on KaVaDo and to download a FREE white paper on
Web
> > applications - security policy automation, please visit:
> > http://www.kavado.com/ad.htm
> > ------------------------------------------------------------------
> > ----------
> >
> >
>
>
> -------------------------------------------------------------------------
--
> Your network Firewall and IDS products do not prevent Web application
> exploits - the most common form of online attack - resulting in Web
> defacement, data theft, sabotage and fraud.
>
> KaVaDo is the first and only company that provides a complete and an
> integrated suite of Web application security products, allowing you to
> assess your entire environment, automatically set positive security
> policies and maintain it without compromising business performance.
>
> For more information on KaVaDo and to download a FREE white paper on Web
> applications - security policy automation, please visit:
> http://www.kavado.com/ad.htm
> -------------------------------------------------------------------------
---
>
>

---------------------------------------------------------------------------
Your network Firewall and IDS products do not prevent Web application
exploits - the most common form of online attack - resulting in Web
defacement, data theft, sabotage and fraud.

KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to
assess your entire environment, automatically set positive security
policies and maintain it without compromising business performance.

For more information on KaVaDo and to download a FREE white paper on Web
applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

Next message: Alfred Huger: "Vacation Troller - Ignore (1 of 2)"
Previous message: Alfred Huger: "New Articles @ SecurityFocus"
In reply to: Paul Vet: "RE: Know such a web's server tool?"
Next in thread: Alvin Oga: "RE: Know such a web's server tool? -- huh"
Next in thread: Bill Weiss: "Re: Know such a web's server tool?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 17 2003 - 12:42:39 PDT