Re: Open Source SQL Inject, XSS, Remote File Include Testing

To: pen-test@securityfocus.com
Subject: Re: Open Source SQL Inject, XSS, Remote File Include Testing
From: "Nikhil Wagholikar" <visitnikhil@gmail.com>
Date: Mon, 21 May 2007 13:06:59 +0530

Hello Winsoc,

There are a couple of open source tools for pen-testing purposes; some of
them are mentioned below:

1.   OWASP WebScarab Project --
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

2.   Paros Proxy -- http://www.parosproxy.org/download.shtml

3.   BurpSuite -- http://portswigger.net/suite/

4.   Nikto -- http://www.cirt.net/code/nikto.shtml

5.   Oedipus -- http://oedipus.rubyforge.org/

6.   Priamos -- www.priamos-project.com

7.   Proxmon  -- http://www.isecpartners.com/proxmon.html

8.   WebSleuth -- http://www.xmcopartners.com/

9.   Nessus Security Scanner -- http://www.nessus.org/download/

10. Security Auditor's Research Assistant (SARA) --
http://www-arc.com/products.shtml



Besides these, there are live distros that bundle all penetration
testing and auditing tools in them. Some of them are:

1.    BackTrack -- http://www.remote-exploit.org/index.php/BackTrack

2.    Operator -- http://www.ussysadmin.com/operator/

3.    PHLAK -- http://www.phlak.org/modules/mydownloads/

4.    Auditor -- http://www.remote-exploit.org/index.php/Auditor_mirrors


So Enjoy Pen-Testing !!
--
Nikhil Wagholikar
Information Security Analyst

NII Consulting
Web: www.niiconsulting.com


On 5/20/07, jgervacio@seguridad.unam.mx <jgervacio@seguridad.unam.mx> wrote:
OWASP WebScarab Project
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
- Java Web Start version
  http://dawes.za.net/rogan/webscarab/WebScarab.jnlp

Parosproxy.org - Web Application Security
- Paros Scanner Function
http://www.parosproxy.org/faq.shtml

g3
Quoting winsoc <winsoc@googlemail.com>:

> Can anyone recommend a quick and cheerful Open Source Tool which will test
> websites for SQL Injection, XSS, Remote File Include.
>
>
> Regards
> winsoc