EvilZone
Hacking and Security => Hacking and Security => : l0n3r January 29, 2014, 04:35:28 AM
-
hey guys,
I have been getting deep into webapp pentesting lately, also been using burp suite to do most of my work. But recently I have been looking alot at these automated scanners like nikto, acunetix, arachni, and w3af, and have been wondering if its even worth my time.
I feel like those automated scanners would send too much traffic in pentest, and not even be worth it . Part of me thinks i should just continue to use burp suite and do it "manually" (to an extent).
anyways just wondering if i could get some advice and if any of these are worth looking into.
thanks
-
I like acunetix but its defiantly not stealthy by any means
-
Try Wapiti
-
yeah ive used acunetix and really like it. but it literally sends enough traffic to bog down a server and leaves the biggest mess in logs. so ive ruled that one out lol
and I've never heard of Wapiti...gonna have to look into that one.
-
Vuln scanners are cool to some extent. (I never use them, but I assume they can come in handy in pentesting)
But I do think that where the scan ends the real pentest begins, you have to get real information that can harm the organization you are pentesting. Cause if you are just going to give them a boring report with the exploits and tell them to fix it, they might not even bother. On the other hand when you get in grab financial information, get trade secrets and own their shit. They are defenetily gonna fix it.. :P
-
I personally don't like accunetix,because the reasons posted above. You can give it a try to tools like
inguma (python)
uniscan (perl)
nikto (perl)
golismero (python)
and some other good ones.
If you install in windows perl,python,ruby you'll find better tools for windows os.
-
yeah ive used acunetix and really like it. but it literally sends enough traffic to bog down a server and leaves the biggest mess in logs. so ive ruled that one out lol
and I've never heard of Wapiti...gonna have to look into that one.
And how exactly would that be a problem in a pentest ?
Ẃebservers get scanned , abused and analraped everyday of the year.
Plus the fact that a pentest would suggest it is legal.