Monday, November 15, 2010

Web Application Security Scanner List (I)

This post was prompted by a tweet from @aramosf that I read the other day, and it lists a series of tools we can use to scan our websites for vulnerabilities (http://projects.webappsec.org/w/page/13246988/Web-Application-Security-Scanner-List).

From that list I am only going to focus on the free or open-source applications. Why? Because they are the only ones we can test more or less “at will”.

To start, we will give the links to them along with the intro each one puts on its website; another day we will cover the use and enjoyment of each one.

Free / Open Source Tools

  • Grabber by Romain Gaucher
    • Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.
  • Grendel-Scan by David Byrne and Eric Duprey
    • Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
  • Paros by Chinotec
    • "Paros" is a software for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
  • Powerfuzzer by Marcin Kozlowski
    • Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.
  • SecurityQA Toolbar by iSEC Partners (trial version; registration is required to download it)
    • The SecurityQA Toolbar is a testing product for web application security. During the QA phase of the SDLC, quality assurance groups can use the toolbar to perform security/regression testing. The toolbar allows both security and non-security professionals to test web applications. The product has been intuitively designed as a toolbar, allowing users to test each page of an application, similar to functional testing procedures used for large enterprise applications. The toolbar can execute several application security tests per page or per application, each resulting in an HTML report with identified security issues and mitigation strategies.
  • Skipfish by Michal Zalewski
    • Skipfish: A fully automated, active web application security reconnaissance tool
  • W3AF by Andres Riancho
    • w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
  • Wapiti by Nicolas Surribas
    • Wapiti allows you to audit the security of your web applications.
      It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
  • Watcher by Casaba Security
    • Watcher: Web security testing tool and passive vulnerability scanner
  • Websecurify by GNUCITIZEN
    • Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.