A good starting point would be http://cirt.net/nikto2
Windows-based version: http://www.sensepost.com/research/wikto/
For an IIS checklist you can start here: http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=98

Regards
Gautam

On 18 February 2010 17:39, suresh tiwary <[email protected]> wrote:

> Dear OWASP Delhi,
>
> Thank you all for the good information, but I am still confused whether
> "NESSUS" is a web server vulnerability assessment tool or a Network
> Assessment tool.
>
> Please suggest.
>
> The situation is: I have to perform the V.A of IIS using a tool. So how do
> I start, use NESSUS and proceed or use any commercial tool? If commercial
> tool, then which is the widely accepted commercial tool? An organization can't
> have multiple commercial tools, so suggest a few commercial tools that can
> perform web server V.A.
>
> Also, any checklist for IIS V.A?
>
> Thanks & regards,
> Suresh
>
> Note: Forwarded message attached
>
> -- Original Message --
>
> From: "Vinodh Kiran S" [email protected]
> To: [email protected]
> Cc: [email protected], [email protected]
> Subject: FW: [Owasp-delhi] Tools for Web Server V A
>
> ---------- Forwarded message ----------
> From: "Vinodh Kiran S" <[email protected]>
> To: <[email protected]>
> Date:
> Subject: FW: [Owasp-delhi] Tools for Web Server V A
>
> Dear Suresh,
>
> In continuation of the below recommendations from Rahul and Neelu, I just
> wanted to let you know that we represent Core Security (Providers of Core
> Impact), here in India. The attached datasheet will give you a quick
> overview. I would like to know your thoughts on this. Please do contact me
> for any further assistance.
>
> Good Day!
>
> Regards,
>
> Vinodh Kiran S | Sr. Manager – ECM | Cell: +91 (0) 9900247424
> Teaq Technologies Pvt. Ltd.
> #320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA | Telefax: +91 (80) 4161 2610
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Neelu Tripathy
> Sent: Wednesday, February 17, 2010 4:11 PM
> To: suresh tiwary
> Cc: [email protected]; [email protected]
> Subject: Re: [Owasp-delhi] Tools for Web Server V A
>
> Hi Suresh,
>
> Apart from what Rahul suggested, you can also go for GFI Languard or Core
> Impact (both proprietary). For a better hands-on and/or manual assessment,
> try using Metasploit (Opensource), though that might be more on the PT side.
>
> Regards,
> Neelu Tripathy
> Security Analyst, TEG
> Tata Consultancy Services
> Mailto: [email protected]
>
> From: "suresh tiwary" <[email protected]>
> To: <[email protected]>
> Date: 02/17/2010 11:46 AM
> Subject: [Owasp-delhi] Tools for Web Server V A
> Sent by: [email protected]
>
> ------------------------------
>
> Issue: Tools for web server V A for IIS, Apache etc?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
>    practically used for web serv V A?
>
> 2. What are the commercial tools used for automated web server V A?
>
> 3. How a manual web server v a is conducted? Any checklist and the
>    practical process.
>
> 4. People can share their web server v a experience.
>
> Thanks & regards,
> Suresh
>
> _______________________________________________
> Owasp-delhi mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
