Thread: How to scan any website for vulnerabilities.

  1. #1
    bluemimmosa
    Guest

    How to scan any website for vulnerabilities.

    How can we scan a website for vulnerabilities? Are there any tools we can find, or do we need to write them ourselves? For example:
    WEBSITE: www dot example dot com
    SERVEROS: CentOS
    WEBSERVER: apache 2.2.3

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote: Originally posted by bluemimmosa
    How can we scan a website for vulnerabilities? Are there any tools we can find, or do we need to write them ourselves? For example:
    WEBSITE: www dot example dot com
    SERVEROS: CentOS
    WEBSERVER: apache 2.2.3
    You use the search function.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Member
    Join Date
    Jan 2010
    Posts
    332

    Here's a book.
    It's a good one.
    SecurityTube has two new sections. Questions & News

  4. #4
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Quote: Originally posted by bluemimmosa
    How can we scan a website for vulnerabilities? Are there any tools we can find, or do we need to write them ourselves? For example:
    WEBSITE: www dot example dot com
    SERVEROS: CentOS
    WEBSERVER: apache 2.2.3
    Oh my goodness!


    Ask your local FBI agent...................
    Don't eat yellow snow :rolleyes:

  5. #5
    Moderator
    Join Date
    Jan 2010
    Posts
    167

    Quote: Originally posted by bluemimmosa
    How can we scan a website for vulnerabilities? Are there any tools we can find, or do we need to write them ourselves? For example:
    WEBSITE: www dot example dot com
    SERVEROS: CentOS
    WEBSERVER: apache 2.2.3
    There is no single tool which is able to test all the different web apps. Normally you can use one of the commercial tools like IBM AppScan [1] or Acunetix [2], and you have to test lots of stuff manually (WebScarab is a nice tool for this [3]). Also Nessus and Nikto [4] will help you a little bit. Then there are some Firefox plugins (XSSme, SQLme, Firebug, Cookie Editor, ...) which will help you. You can also find the Samurai [5] Linux distro, which brings you all the different open source tools.

    m-1-k-3

    [1] http://www-01.ibm.com/software/awdtools/appscan/
    [2] http://www.acunetix.com/
    [3] http://www.owasp.org/index.php/Categ...Scarab_Project
    [4] http://www.cirt.net/nikto2
    [5] http://samurai.inguardians.com/

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Quote: Originally posted by bluemimmosa
    How can we scan a website for vulnerabilities? Are there any tools we can find, or do we need to write them ourselves? For example:
    WEBSITE: www dot example dot com
    SERVEROS: CentOS
    WEBSERVER: apache 2.2.3
    Hire someone who does this for a living.

    Start by keeping your Apache install up to date; the current stable release in the 2.2.x line is 2.2.11.

    In addition to the tools already mentioned you might want to check out w3af.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Paros can do some basic security and injection checks.
    Nikto can scan for some known vulnerabilities (updates are a tad infrequent).

    A list which mentions these plus others above is here:

    http://sectools.org/web-scanners.html

    As well as keeping Apache up to date (as mentioned by Thorin), also keep any web applications/server-side script languages up to date, e.g. PHP, any forum/bulletin board/wikis, etc.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    ISP

    A little friendly comment:

    You all might want to check the terms of use from your ISP before using some of these tools if you are inexperienced.

    They are mostly VERY NOISY!

    For those of you who are new to examinations of this type that means that they 'blast out' a high number of investigative sequences in a very short time.

    Such activity might cause an excess report and a reset to your connection.

    For educational purposes first run on an internal network only.
    Lux sit
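
What the "noisy" behaviour described in the post above looks like from the server side, as an added example that is not part of the original thread: a sliding-window check over an Apache access log that flags a client sending many requests in a few seconds with mostly 4xx answers. The log lines, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

def parse(line):
    """Return (client, timestamp, status) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(4))

def noisy_clients(lines, window_s=10, min_requests=20, min_error_ratio=0.5):
    """Flag clients that send >= min_requests within window_s seconds with at
    least min_error_ratio of them answered 4xx (typical of path probing)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)       # client -> deque of (timestamp, is_4xx)
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                  # skip malformed lines instead of failing
        client, ts, status = rec
        q = recent[client]
        q.append((ts, 400 <= status < 500))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        errors = sum(1 for _, is_err in q if is_err)
        if len(q) >= min_requests and errors / len(q) >= min_error_ratio:
            flagged.setdefault(client, ts)  # keep the first time it crossed
    return flagged

def sample_log():
    """Constructed sample: one client requesting 30 paths in 6 s, one normal visitor."""
    lines = []
    for i in range(30):
        status = 200 if i % 10 == 0 else 404
        lines.append(f'192.0.2.10 - - [12/Mar/2010:10:00:{i // 5:02d} +0000] '
                     f'"GET /path{i} HTTP/1.1" {status} 512')
    for i in range(5):
        lines.append(f'198.51.100.7 - - [12/Mar/2010:10:0{i}:00 +0000] '
                     f'"GET /index.html HTTP/1.1" 200 2048')
    return lines

if __name__ == "__main__":
    for client, when in noisy_clients(sample_log()).items():
        print(f"{client} crossed the threshold at {when.isoformat()}")
```

The thresholds are starting points to tune against a site's normal traffic; a busy proxy or crawler can also cross a pure request-rate limit, which is why the 4xx ratio is checked as well.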

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote: Originally posted by blackfoot
    A little friendly comment:
    You all might want to check the terms of use from your ISP before using some of these tools if you are inexperienced.
    Very good reminder blackfoot.
    Not to mention there are those admins out there that just love to report someone scanning their networks for whatever reason.
    One of them happens to be a contributor here.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  10. #10
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally posted by archangel.amael
    Very good reminder blackfoot.
    Not to mention there are those admins out there that just love to report someone scanning their networks for whatever reason.
    One of them happens to be a contributor here.
    I hear he's really mean too.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
