Pages: [1]

Author Topic: Web Application Vulnerablity Scanners:  (Read 1671 times)

0 Members and 1 Guest are viewing this topic.

Offline l0n3r

  • Serf
  • *
  • Posts: 23
  • Cookies: -16
    • View Profile
Web Application Vulnerablity Scanners:
« on: January 29, 2014, 04:35:28 am »
hey guys,

I have been getting deep into webapp pentesting lately, also been using burp suite to do most of my work. But recently I have been looking alot at these automated scanners like nikto, acunetix, arachni, and w3af, and have been wondering if its even worth my time.

I feel like those automated scanners would send too much traffic in pentest, and not even be worth it . Part of me thinks i should just continue to use burp suite and do it "manually" (to an extent).

anyways just wondering if i could get some advice and if any of these are worth looking into.

thanks
Report to moderator   Logged

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Web Application Vulnerablity Scanners:
« Reply #1 on: January 29, 2014, 06:51:13 am »
I like acunetix but its defiantly not stealthy by any means
Report to moderator   Logged
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Cr4t3r

  • NULL
  • Posts: 4
  • Cookies: -3
    • View Profile
Re: Web Application Vulnerablity Scanners:
« Reply #2 on: January 29, 2014, 12:17:44 pm »
Try Wapiti
Report to moderator   Logged

Offline l0n3r

  • Serf
  • *
  • Posts: 23
  • Cookies: -16
    • View Profile
Re: Web Application Vulnerablity Scanners:
« Reply #3 on: January 29, 2014, 05:43:32 pm »
yeah ive used acunetix and really like it. but it literally sends enough traffic to bog down a server and leaves the biggest mess in logs. so ive ruled that one out lol

and I've never heard of Wapiti...gonna have to look into that one.
Report to moderator   Logged

Offline hppd

  • Knight
  • **
  • Posts: 163
  • Cookies: 7
    • View Profile
Re: Web Application Vulnerablity Scanners:
« Reply #4 on: February 06, 2014, 08:47:59 pm »
Vuln scanners are cool to some extent. (I never use them, but I assume they can come in handy in pentesting)

But I do think that where the scan ends the real pentest begins, you have to get real information that can harm the organization you are pentesting. Cause if you are just going to give them a boring report with the exploits and tell them to fix it, they might not even bother. On the other hand when you get in grab financial information, get trade secrets and own their shit. They are defenetily gonna fix it.. :P
Report to moderator   Logged

Offline gh05t3d

  • /dev/null
  • *
  • Posts: 11
  • Cookies: -2
  • jabber: gh05t3d@jabb3r.org
    • View Profile
    • My website?
Re: Web Application Vulnerablity Scanners:
« Reply #5 on: March 30, 2014, 09:44:43 pm »

I personally don't like accunetix,because the reasons posted above. You can give it a try to tools like
 inguma (python)
 uniscan (perl)
 nikto (perl)
 golismero (python)
and some other good ones.
  If you install in windows perl,python,ruby you'll find better tools for windows os.

Report to moderator   Logged
Jabber: gh05t3d@jabb3r.org

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Web Application Vulnerablity Scanners:
« Reply #6 on: March 31, 2014, 02:49:50 pm »
Quote from: l0n3r on January 29, 2014, 05:43:32 pm
yeah ive used acunetix and really like it. but it literally sends enough traffic to bog down a server and leaves the biggest mess in logs. so ive ruled that one out lol

and I've never heard of Wapiti...gonna have to look into that one.
And how exactly would that be a problem in a pentest ?
Ẃebservers get scanned , abused and analraped everyday of the year.
Plus the fact that a pentest would suggest it is legal.
Report to moderator   Logged
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
Pages: [1]