HTTP App Scanner in Perl?

Discussion in 'Perl Misc' started by Chris, Nov 2, 2005.

  1. Chris

    Chris Guest

    Well, from the lack of Google results I'm receiving, I'd say this does
    not exist. But since I've done some searching on my own and come up
    with nothing, it can't hurt to ask...

    Does anyone know of a web app scanner that basically hits web
    applications and does "ethical hacking" -- like this product:

    http://www.watchfire.com/products/security/appscan-audit.aspx

    Tries Forceful URLs, SQL Injection, Cookie Poisoning, etc. to check for
    and report vulnerabilities. I'd really rather have a tool that supports
    plugins we write (like Nessus) and having it in Perl would be even
    better.

    I realize recommending something like this is a bit of a two-edged
    sword -- how does anyone know it will be used ethically? I guess
    that's the same risk the Nessus project is taking. If someone seems
    overly concerned, all I can say is that I'm an IT security engineer for
    a large US corporation and we intend to use this to scan and secure our
    network, so...

    Any leads would be appreciated. We actually already license the
    AppScan product referred to by the URL above. I just want something I
    can create site specific tests for.

    -ceo
    Chris, Nov 2, 2005
    #1

  2. Chris

    Brian Wakem Guest

    Chris wrote:

    > Well, from the lack of Google results I'm receiving, I'd say this does
    > not exist. But since I've done some searching on my own and come up
    > with nothing, it can't hurt to ask...
    >
    > Does anyone know of a web app scanner that basically hits web
    > applications and does "ethical hacking" -- like this product:
    >
    > http://www.watchfire.com/products/security/appscan-audit.aspx
    >
    > Tries Forceful URLs, SQL Injection, Cookie Poisoning, etc. to check for
    > and report vulnerabilities. I'd really rather have a tool that supports
    > plugins we write (like Nessus) and having it in Perl would be even
    > better.
    >
    > I realize recommending something like this is a bit of a two-edged
    > sword -- how does anyone know it will be used ethically? I guess
    > that's the same risk the Nessus project is taking. If someone seems
    > overly concerned, all I can say is that I'm an IT security engineer for
    > a large US corporation and we intend to use this to scan and secure our
    > network, so...
    >
    > Any leads would be appreciated. We actually already license the
    > AppScan product referred to by the URL above. I just want something I
    > can create site specific tests for.
    >
    > -ceo



    Netcraft do it http://audited.netcraft.com/web-application but it ain't
    cheap.



    --
    Brian Wakem
    Email: http://homepage.ntlworld.com/b.wakem/myemail.png
    Brian Wakem, Nov 2, 2005
    #2

  3. Chris

    Chris Guest

    Brian Wakem wrote:
    > Chris wrote:
    >
    > > Well, from the lack of Google results I'm receiving, I'd say this does
    > > not exist. But since I've done some searching on my own and come up
    > > with nothing, it can't hurt to ask...
    > >
    > > Does anyone know of a web app scanner that basically hits web
    > > applications and does "ethical hacking" -- like this product:
    > >
    > > http://www.watchfire.com/products/security/appscan-audit.aspx
    > >
    > > Tries Forceful URLs, SQL Injection, Cookie Poisoning, etc. to check for
    > > and report vulnerabilities. I'd really rather have a tool that supports
    > > plugins we write (like Nessus) and having it in Perl would be even
    > > better.
    > >
    > > I realize recommending something like this is a bit of a two-edged
    > > sword -- how does anyone know it will be used ethically? I guess
    > > that's the same risk the Nessus project is taking. If someone seems
    > > overly concerned, all I can say is that I'm an IT security engineer for
    > > a large US corporation and we intend to use this to scan and secure our
    > > network, so...
    > >
    > > Any leads would be appreciated. We actually already license the
    > > AppScan product referred to by the URL above. I just want something I
    > > can create site specific tests for.
    > >
    > > -ceo

    >
    >
    > Netcraft do it http://audited.netcraft.com/web-application but it ain't
    > cheap.


    Why is it that 10 minutes after submitting a question to c.l.p.m, I
    find what I am searching for? :) After spending much time searching
    before asking the question...!!!!???

    Anyway, this is probably going to do the trick:

    Nikto: http://www.cirt.net/code/nikto.shtml

    Thanks all!
    -ceo
    Chris, Nov 2, 2005
    #3
