|
 |
dimecres, 22 / agost / 2007 |
|
|
 Web Application Attack and Audit Framework una eina per a la realitzaciķ d'auditories de seguretat d'aplicacions web.
Audit
- SQL injection detection
- XSS detection
- SSI detection
- Local file include detection
- Remote file include detection
- Buffer Overflow detection
- Format String bugs detection
- OS Commanding detection
- Response Splitting detection
- LDAP Injection detection
- Basic Authentication bruteforce
- File upload inside webroot
- htaccess LIMIT misconfiguration
- SSL certificate validation
- XPATH injection detection
- unSSL (HTTPS documents can be fetched using HTTP)
Discovery
- Pykto, a nikto port to python
- Hmap, http fingerprinting.
- fingerGoogle, finds valid user accounts in google.
- googleSpider, a spider that uses google.
- webSpider, a classic web spider.
- robotsReader
- urlFuzzer
- serverHeader, fetches server header
- allowedMethods, gets a list of allowed HTTP methods.
- crossDomain, get and parse the flash file crossdomain.xml
- error404page, generate a regular expression to match 404 pages.
- sitemapReader, read googles sitemap.xml and parse it.
- spiderMan, using a localproxy and a human, find new URLs for auditing.
- webDiff, find differences between a local and a remote directory.
- wsdlFinder, find and parse WSDL and DISCO files.
|
  | 11:10 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2000-2007 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicčncia Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relaciķ amb les seves activitats professionals.
|
|
