lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: booger at unixclan.net (security snot)
Subject: RE: Vuln scan tool for web

Ron,

I keep reading over your post, but I fail to see you say anything.

php "coding", as you say, is something that should be left only to the
security experts on these lists - to this I agree.  I suggest you move
back to exploiting zenomorph styled SSI bugs in web statistic packages,
and leave the complex arena of XSS/php bugs to those of us with a clue.

Thanks.

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Tue, 15 Jul 2003, R. DuFresne wrote:

>
> Of course, php coding is not for the weak at heart, and should be done
> carefully, with strong/strict filtering of in and output to help limit sec
> related code issues.  PHP seems to be the language of choice for xss these
> days.
>
> Thanks,
>
> Ron DuFresne
>
> On Tue, 15 Jul 2003 lockdown@...geekzone.com wrote:
>
> > I think you're looking for a combination of these two PHP pages.  They use Nmap to scan.
> >
> > http://www.davidquintana.com/projects/nmapwebfe/nmapwebfe.html
> >
> > The second site is now down so e-mail me directly for the code.  The code is for scanning yourself but with only the basic flags.  It's also complete.
> >
> > I can't get them to work on servers with the latest version of PHP, and don't know why, so if you get them working could you please let me know.  The problem is with the exec() statement.
> >
> > Ben
> >
> > -----Original Message-----
> > From: Domingos Costa [mailto:domingos@...rolink.com.br]
> > Sent: Tuesday, July 15, 2003 12:00 PM
> > To: pen-test@...urityfocus.com
> > Subject: Vuln scan tool for web
> >
> > Hello,
> >
> > I'm looking for a web tool that allow a user connected to my lan scan his own computer for
> > vulnerabilities. It's something similar to ShieldsUP! at grc.com, but i wanna put it inside my lan,
> > at a web server and the user can just click on to start probbing his ports. Do you know some tool??
> > I'm working with linux slackware.
> >
> > Thanks.
> >
> >
> >
> > ---------------------------------------------------------------------------
> > Your network Firewall and IDS products do not prevent Web application
> > exploits - the most common form of online attack - resulting in Web
> > defacement, data theft, sabotage and fraud.
> >
> > KaVaDo is the first and only company that provides a complete and an
> > integrated suite of Web application security products, allowing you to
> > assess your entire environment, automatically set positive security
> > policies and maintain??it without compromising business performance.
> >
> > For more information on KaVaDo and to download a FREE white paper on Web
> > applications - security policy automation, please visit:
> > http://www.kavado.com/ad.htm
> > ----------------------------------------------------------------------------
> >
> > ---------------------------------------------------------------------------
> > Your network Firewall and IDS products do not prevent Web application
> > exploits - the most common form of online attack - resulting in Web
> > defacement, data theft, sabotage and fraud.
> >
> > KaVaDo is the first and only company that provides a complete and an
> > integrated suite of Web application security products, allowing you to
> > assess your entire environment, automatically set positive security
> > policies and maintain??it without compromising business performance.
> >
> > For more information on KaVaDo and to download a FREE white paper on Web
> > applications - security policy automation, please visit:
> > http://www.kavado.com/ad.htm
> > ----------------------------------------------------------------------------
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         admin & senior security consultant:  sysinfo.com
>                         http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity.  It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
>                 -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
>
> ---------------------------------------------------------------------------
> Your network Firewall and IDS products do not prevent Web application
> exploits - the most common form of online attack - resulting in Web
> defacement, data theft, sabotage and fraud.
>
> KaVaDo is the first and only company that provides a complete and an
> integrated suite of Web application security products, allowing you to
> assess your entire environment, automatically set positive security
> policies and maintain??it without compromising business performance.
>
> For more information on KaVaDo and to download a FREE white paper on Web
> applications - security policy automation, please visit:
> http://www.kavado.com/ad.htm
> ----------------------------------------------------------------------------
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ