The post "Open Source Vulnerability Database (OSVDB)" mentioned Sandcat. This tool lets administrators scan web servers to isolate and identify security vulnerabilities.
Features:
- Provides over 260 web application security checks, covering over 38 types of web security attacks -- a target server can be local or remote
- Crawls web sites and detects cross-site scripting, directory traversal problems, attempts to execute commands and multiple other attacks
- Scans web servers for the SANS Top Twenty (S1), the OWASP Top 10 and the OWASP PHP Top 5 vulnerabilities
- Allows scanning for specific vulnerabilities, such as Fault Injection, SQL Injection and XSS (Cross-Site Scripting) vulnerabilities
- Allows defining a range or list of IP addresses to be scanned
- Allows defining multiple start URLs
- Allows performing destructive and non-destructive scans
- Allows editing the crawling depth: maximum number of links per server, maximum links per page, maximum URL length and maximum response size and more
- Allows creating user signatures for detecting application vulnerabilities
- Prevents logout
- Tests intrusion detection systems
- Exploits AJAX-based web applications
- Supports host authentication (basic and web form authentication)
- Supports OSVDB, NVD, CVE and CWE
- Stores and allows you to view the HTTP request and response for each successful test
- Automatically discovers and analyzes the server's configuration to determine which tests are needed
- Analyzes the robots.txt file and JavaScript
- Ensures security against outdated server software
Version: 3.6 as of 04.08.2008
License: Freeware
Download Size: 7.34 MB
Requires a Win32 platform (Windows 95, 98, ME, NT, 2000, 2003, XP or Vista).
Download site: www.syhunt.com/?section=sandcat