Nikto2
Nikto is sponsored by Netsparker, a dead accurate and easy to use web application security solution. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Nikto is not designed as a stealthy tool. Not every check is a security problem, though most are.
Web Application Security Testing Cheat Sheet
This cheat sheet provides a checklist of tasks to be performed during blackbox security testing of a web application. This checklist is intended to be used as an aide-mémoire for experienced pentesters and should be used in conjunction with the OWASP Testing Guide. It will be updated as the Testing Guide v4 progresses. The intention is that this guide will be available as an XML document, with scripts that convert it into formats such as PDF, MediaWiki markup, HTML etc. This will allow it to be consumed within security tools as well as being available in a format suitable for printing. All feedback or offers of help will be appreciated - and if you have specific changes you think should be made, please log in and make suggestions.
Checklist sections:
  Information Gathering
    Rendered Site Review
    Development Review
    Hosting and Platform Review
      Identify web services
      Identify co-hosted and related applications
      Identify all hostnames and ports
      Identify third-party hosted content
  Configuration Management
  Authentication
Documentation - OpenSCAP
The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents. The following sections provide information about using oscap for both normal users and developers. The user part explains the most common oscap operations and shows relevant examples; the developer part provides information on tasks related to OpenSCAP development. An alternative to the oscap command line tool is SCAP Workbench, a GUI application with scanning and tailoring capabilities. This part of the documentation explains the most common oscap operations and presents examples based on industry standard data (SCAP content). The full command reference is in the manual page:
$ man oscap
Installation: You can either build the OpenSCAP library and the oscap tool from source code (for details refer to Compilation), or you can use an existing build for your Linux distribution, for example:
# yum install openscap-utils
Common Usage: Print the installed oscap version information:
$ oscap -V
Further sections: Displaying Information About SCAP Content; Scanning; Check engines.
sqlmap: automatic SQL injection and database takeover tool
OpenVAS - Open Vulnerability Assessment System
Charles Web Debugging Proxy - HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy
Tenable Products - Vulnerability scanning for auditors and security analysts. Nessus features high-speed asset discovery, patch and configuration auditing, asset profiling, sensitive data discovery, patch management integration, multi-scanner control, and vulnerability analysis. Tenable also offers what it describes as the industry's only continuous vulnerability monitor that identifies server- and client-side vulnerabilities in new or transient assets.
Arachni - Web Application Security Scanner Framework