Eikonal Blog

2010.01.29

Vulnerability Assessment tools

Information Gathering

Network Scanners and Discovery, Port scanners

Vulnerability Scanners, Integrated VA (Vulnerability Assessment) scanners

Windows Auditing

GOTO: https://eikonal.wordpress.com/2011/01/05/auditing-ms-windows/

Unix Auditing

GOTO: https://eikonal.wordpress.com/2011/07/08/auditing-unix/

Database auditing

GOTO: https://eikonal.wordpress.com/2011/02/24/database-security/

Web Applications and Web Services assessment

Lists of tools:

Application Assessment:

Web services testing:

Fuzzing:

Using browsers as the webapp testing tools:

Misc info:

  • Book: “The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws” by Dafydd Stuttard and Marcus Pinto – http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/
  • The Web Application Security Consortium (WASC): http://www.webappsec.org/ | http://projects.webappsec.org/
  • OSSTMM – “Open Source Security Testing Methodology Manual” by Pete Herzog – http://www.isecom.org/osstmm/
  • OWASP: http://www.owasp.org/index.php/Main_Page
    • OWASP Testing Guide:
  • Top 10 Web Vulnerability Scanners – http://sectools.org/web-scanners.html:

    • #1 – Nikto : A more comprehensive web scanner:
      Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses Whisker/libwhisker for much of its underlying functionality. It is a great tool, but the value is limited by its infrequent updates. The newest and most critical vulnerabilities are often not detected.
    • #2 – Paros proxy : A web application vulnerability assessment proxy
      A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.
    • #3 – WebScarab : A framework for analyzing applications that communicate using the HTTP and HTTPS protocols
      In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review them in various ways. WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.
    • #4 – WebInspect : A Powerful Web Application Scanner
      SPI Dynamics’ WebInspect application security assessment tool helps identify known and unknown vulnerabilities within the Web application layer. WebInspect can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more.
    • #5 – Whisker/libwhisker : Rain.Forest.Puppy’s CGI vulnerability scanner and library
      Libwhisker is a Perl module geared geared towards HTTP testing. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is now deprecated in favor of Nikto which also uses libwhisker.
    • #6 – Burpsuite : An integrated platform for attacking web applications
      Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyze, attack and exploit web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
    • #7 – Wikto : Web Server Assessment Tool
      Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code.
    • #8 – Acunetix WVS : Commercial Web Vulnerability Scanner
      Acunetix WVS automatically checks web applications for vulnerabilities such as SQL Injections, cross site scripting, arbitrary file creation/deletion, weak password strength on authentication pages. AcuSensor technology detects vulnerabilities which typical black box scanners miss. Acunetix WVS boasts a comfortable GUI, an ability to create professional security audit and compliance reports, and tools for advanced manual webapp testing.
    • #9 – Rational AppScan : Commercial Web Vulnerability Scanner
      AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. Appscan was merged into IBM’s Rational division after IBM purchased it’s original developer (Watchfire) in 2007.
    • #10 – N-Stealth : Web server scanner
      N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as Whisker/libwhisker and Nikto, but do take their web site with a grain of salt. The claims of “30,000 vulnerabilities and exploits” and “Dozens of vulnerability checks are added every day” are highly questionable. Also note that essentially all general VA tools such as Nessus, ISS Internet Scanner, Retina, SAINT, and Sara include web scanning components. They may not all be as up-to-date or flexible though. N-Stealth is Windows only and no source code is provided.
  • Jeremiah Grossman blog on web applicaiton’s security: http://jeremiahgrossman.blogspot.com | RSS – http://feeds.feedburner.com/JeremiahGrossman:
  • “Web Application Testing” by Russ Klanke (at Aggressive Virus Defense blog) – http://aggressivevirusdefense.wordpress.com/2009/08/02/web-application-testing/ – has numerous good links and tips.
  • Browser Security Handbook – http://code.google.com/p/browsersec/wiki/Main
      Browser Security Handbook is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

      The document currently covers several hundred security-relevant characteristics of Microsoft Internet Explorer (versions 6, 7, and 8), Mozilla Firefox (versions 2 and 3), Apple Safari, Opera, Google Chrome, and Android embedded browser.

      Open-source test cases provided alongside with this document permit any other browser implementations to be quickly evaluated in a similar manner.

  • “Web Security Testing Cookbook” by Paco Hope – http://websecuritytesting.com/

(other) Specialized scanners

IPSec security

  • IPSecScan (by NTSecurity.nu) – http://ntsecurity.nu/toolbox/ipsecscan/IPSecScan is a tool that can scan either a single IP address or a range of IP addresses looking for systems that are IPSec enabled.

Wireless Hacking and auditing

VoIP & Telephony auditing

Live CDs

Exploitation Frameworks

Tools:

Articles:

Penetration Testing and Exploitation

Network testers


See also: list of (other) security tools (in this blog) – https://eikonal.wordpress.com/2010/07/28/security-tools/.

2 Comments »

  1. […] Vulnerability Assessment tools – https://eikonal.wordpress.com/2010/01/29/vulnerability-assessment-tools/ […]

    Like

    Pingback by Security tools « Eikonal Blog — 2010.07.28 @ 14:23


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: