A while ago I posted the first release of a small script for auditing webservers ... now the 2nd release with some small improvements and some bugfixes is available.
It's a bash script which automates the basic Metasploit (wmap) auditing stuff for a huge number of webservers ... quite nice to work with on a pentest where you are fighting with some more webservers ...
The script is quite easy but in my opinion very useful on pentests with lots of servers ...
# Webserver version:
Metasploit Auxiliary Mode: auxiliary/scanner/http/http_version
# Webserver options:
Metasploit Auxiliary Mode: auxiliary/scanner/http/options
# write access
Metasploit Auxiliary Mode: auxiliary/scanner/http/writable
# searching for directories:
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_dir_scanner
# searching for files
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_files_dir
# analysing ssl ciphers
Metasploit Auxiliary Mode: auxiliary/scanner/http/wmap_ssl
# Nikto webaudit
Have fun, and feedback would be great ...
Download: basic Webaudit script v0.2 | www.s3cur1ty.de