[Intrusions] need a suggestion of tool for pentest web application.

rbeken at scitechsystems.net
Sat Jul 2 16:10:24 GMT 2005


Dany,

I think you're looking for a vulnerability scanner, not a penetration test
tool?  Usually pen tests are done by people who are focused on penetration
exclusively.

Check out Whisker (it does CGI script vulnerability tests) and Nikto (Nikto
uses Whisker for a back-end but references the CVE #); the list of others goes
on: N-Stealth, Screaming Cobra, Web Sleuth, WebScarab, Brutus, Achilles,
WebProxy, etc.
Some are free, some are not.  You may want to use several tools to
evaluate your system(s) depending on your environment and how deep into
the box you want to test.  You may want to use a host security scanner
such as Nessus, Harris Stat http://www.stat.harris.com (pretty slick tool
that's used pretty widely in the Government), etc.

Cheers,

Robert Beken
CISSP, GCFW


> Hello list,
> Can anyone suggest a tool to do a pentest on a web application like
> an intranet etc. and tell me why this tool is nice?
> If possible with a license "per engagement".
> Thx in advance.
> Sorry for my bad English.
> Dany
