Whisker: a next-generation CGI scanner
----------------------------------------------------------------------------


DETAILS

Whisker is a CGI scanner with impressive features that make it much 
better than most CGI scanners.

Whisker includes the following features:
1) The CGI directory can be changed from the default '/cgi-bin' to one of 
your own choosing, or to a set of well-known CGI paths.
2) Before checking for a vulnerability, Whisker verifies that the CGI 
directory exists and that the CGI itself exists, reducing the number of 
false positives.
3) The server type and version are checked prior to any testing, reducing 
checks for unsupported CGIs (e.g. testing for the details.idc 
vulnerability on an Apache server is futile, since this is an IIS 
vulnerability).
4) Virtual hosting is fully supported, allowing Whisker to test 
vulnerabilities against sub-domains within the same server (a feature not 
supported by all CGI scanners).
5) Whisker can be taught to see through custom-made "success" pages, which 
are usually a result of "not found" errors (this minimizes false 
positives).
6) Whisker was written in Perl for easy portability and manipulation.
7) Interoperability with products/files such as command separated 
files, nmap result files, IP subnets, etc.
8) URL encoding that hides scans from IDS programs: something like 
'/cgi-bin/phf?' is requested by its URL-encoded equivalent, 
'/%63%67%69%2d%62%69%6e/%66%69%6e%67%65%72', which causes most IDS programs 
to not detect the scan.
9) Support for a script language that enables people to easily add new 
scanning scripts.
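
The encoding in feature 8 only hides a request from a sensor that compares 
signatures against the raw request bytes. The sketch below is an added 
example, not part of the original posting or of Whisker: it shows a 
sensor-side check that percent-decodes the path before matching and flags 
escapes of characters that never need encoding. The signature list, 
function names and request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed watch list (assumption); a real sensor would load its own rule set.
SIGNATURES = ("/cgi-bin/phf", "/cgi-bin/finger")
# RFC 3986 "unreserved" characters never need percent-encoding in a URL.
UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

def normalize_path(target, max_rounds=3):
    """Return (path, rounds): the path percent-decoded until stable, query removed."""
    path, rounds = target.split("?", 1)[0], 0
    while rounds < max_rounds:
        decoded = unquote(path, encoding="latin-1")  # latin-1: every byte maps to a char
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return re.sub(r"/{2,}", "/", path), rounds

def needless_escapes(target):
    """Percent-escapes in the raw target that encode unreserved characters."""
    return [e for e in re.findall(r"%[0-9A-Fa-f]{2}", target)
            if chr(int(e[1:], 16)) in UNRESERVED]

def inspect(request_line):
    """Match signatures against the normalized path and flag suspicious encoding."""
    parts = request_line.split()
    if len(parts) < 2:
        return None  # not a parsable request line
    path, rounds = normalize_path(parts[1])
    hits = [s for s in SIGNATURES if path.lower().startswith(s)]
    # More than one decoding round means the path was encoded twice.
    suspicious = rounds > 1 or bool(needless_escapes(parts[1]))
    return {"path": path, "hits": hits, "suspicious_encoding": suspicious}

# Constructed request lines; the second carries the encoded string quoted in item 8.
SAMPLES = [
    "GET /cgi-bin/phf? HTTP/1.0",
    "GET /%63%67%69%2d%62%69%6e/%66%69%6e%67%65%72 HTTP/1.0",
    "GET /%2563gi-bin/phf HTTP/1.0",
    "GET /docs/a%20b.html HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", inspect(line))
```

Run on the encoded string quoted in item 8, the decoder yields 
'/cgi-bin/finger'. An ordinary escape such as '%20' is decoded but not 
flagged, since a space is not an unreserved character.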


ADDITIONAL INFORMATION

The tool can be downloaded from:
 http://www.wiretrip.net/rfp/

Or directly from:
 http://www.wiretrip.net/rfp/whisker.tar.gz (TAR/GZed)
 http://www.wiretrip.net/rfp/whisker.tar (TARed)

This tool has been written by: rain.forest.puppy. / ADM / wiretrip / 
[EMAIL PROTECTED]


