SLUG Mailing List Archives
Re: [SLUG] Penetration testing tools?
- To: Morgan Storey <me@xxxxxxxxxxxxxxxx>
- Subject: Re: [SLUG] Penetration testing tools?
- From: Marghanita da Cruz <marghanita@xxxxxxxxxxxx>
- Date: Mon, 20 Oct 2008 11:04:05 +1000
- Cc: SLUG <slug@xxxxxxxxxxx>
- Organization: Ramin Communications
- Reply-to: marghanita@xxxxxxxxxxxx
- User-agent: Icedove 184.108.40.206 (X11/20061220)
You might like to check the Australian Government ICT Security Manual (ISM). It
tends to talk at a higher conceptual level than specific applications, but
provides useful contextual information... I would be interested in your comments
about its relevance/comprehensiveness.
Morgan Storey wrote:
That isn't a bad list, I tend to direct people to
http://sectools.org/vuln-scanners.html even though it is a little
dated, and doesn't mention OpenVAS (Nessus forked and OpenVAS is truly
OSS), I also use Webscarab, Xenu (just a link checker but gives you a
good list of the site), W3af, as it is open source and does some nice
fuzzing through its proxy, Nikto/Wikto and Nmap if it is more than
These are all just auto tests, they won't find everything and there
are some false finds too, so you also have to have a look at
techniques like SQL injection (you can get SQL injection tools like
the Acunetix, but it is not cheap), and imho you are better learning
the techniques yourself, cause if you know how a tool works you are so
much better off.
On 10/16/08, Amos Shapira <amos.shapira@xxxxxxxxx> wrote:
I need to find tools to run penetration testing on our external web
interfaces (a web application and an HTTP-based data interface).
The idea is to be able to run automatic tests on new releases before
deployment. Stress is on "automatic".
Has anyone here got good experience with such tools? I'm digging through
the net and found lots of lists (e.g.
but if someone can give some input from their personal experience on what's
worth pursuing and what's a waste of time it'll, well..., might save us some
Marghanita da Cruz
Phone: (+61)0414 869202