Jan-Oliver Wagner wrote: > Hello, > > On Montag, 22. März 2010, Christian Kuersteiner wrote: >>> Built w3af support, so will try this as well. >> Drop me a line if you need an additional helping hand. > > any progress with this? > w3af causes a lot of trouble, so I'd like to have an alternative...
Yes and No. Here's the few details about skipfish (if you did not tried to use it): - skipfish is very chatty (it outputs statistics every 20 requests) - skipfish generates a LOT requests even with minimal dictionary - skipfish generates html report which should be parsed a lot (with copies of everything downloaded) I have sent patch to Michael (author of skipfish), but did not get any response afterwards. If Michael does not accept the patch, we can distribute OpenVAS with a patch, but it's always clumsy solution. Even with that patch, I'm not sure if skipfish is right software for this use. It's more for manual web vulnerability assessment. That's why I have implemented wapiti(http://wapiti.sourceforge.net/) support in the meantime on SVN r7114. Take a look at: http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/remote-web-wapiti.nasl?root=openvas&view=log Unfortunately, I'm not aware of any better open source web vulnerability scanner. Anyone would like to enlighten us? Kost _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
