OK, I'll define my task concretely. I wish to quickly find potential holes (XSS, SQL injection, etc.) in any website, for example www.yandex.ru. I do not know what OS or database the server is using.

Many programs can only find known CGI bugs or need some interaction with the database or environment.

> I do not actually think that any of the tools listed below are what you are
> looking for.
>
> * Nikto is a web vulnerability scanner that can identify KNOWN
> vulnerabilities, as well as some variations on them. It is unable to
> understand application logic or identify any custom security
> vulnerabilities.
> * Nessus is much like Nikto - only it's not limited to web.
> * Absinthe is the only tool that can help with custom application
> vulnerabilities, but it's not really an automated scanner such as the one
> you are looking for, but rather assists with the exploitation of SQL Injection.
> It still requires a certain level of expertise to successfully operate.
>
> I think what you are looking at is rather one of the commercial tools, such
> as SPI Dynamics WebInspect, Watchfire's AppScan or KaVaDo's ScanDo.
>
> Ofer Maor
> CTO
> Hacktics (http://www.hacktics.com/)
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of tgoogle
> Sent: Monday, June 13, 2005 19:10
> To: [email protected]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Full-disclosure] Web application Security Scanner
>
>
> Thanks,
>
> I shall test all these programs; tomorrow I will send my results. For example, I'll
> try to find vulnerabilities in the www.yandex.ru and www.google.ru sites :).
>
> Do you really consider that all these programs are capable of finding vulnerabilities
> in UNKNOWN scripts?
>
> I need the BEST program, which can find the maximum number of bugs in any custom Web
> application.
>
>
>> http://www.0x90.org/releases/absinthe/
>> http://www.nessus.org/download/ with some plugins
>> http://www.cirt.net/code/nikto.shtml
>>
>> The "best" depends on your target, the OS you use, and whether you are looking for
>> open-source products or commercial ones.
>> Just google; there are many of them.
>>
>>
>> Deepquest
>> "Justification of Windows usage is a combination of Stockholm
>> Syndrome and cognitive dissonance."
>> --------------------------------------------------------------
>> Propaganda http://deepquest.code511.com/blog
>> FIB http://www.futureisbeta.com
>> PGP DH/DSS http://www.futureisbeta.com/pgp
>> --------------------------------------------------------------
>>
>>> Do you know the best Web app security scanner?
>>>
>>> I need a scanner which would find SQL injections, XSS, PHP include
>>> and other bugs in unknown Web applications.
>>>
>>> Thanks
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>
>
>
> --
> Yandex.Mail: mailbox size is not limited!
> http://mail.yandex.ru/monitoring/

--
"Спамооборона" - mail without spam in your office! http://so.yandex.ru/
