Skipfish – New Web Security Scanner By Google!

Google's New Web Security Vulnerability Scanner

On Friday morning, March 19, Michal Zalewski announced on the Google Security Blog: "Meet skipfish, our automated web security scanner", and this had to be taken seriously.

Recently I've seen a lot of free "web malware scanners", some of them released by prestigious security vendors, *cough* Qualys *cough*, and some of them released by developers unknown to me at least, such as the developers of the WP-Secure plugin for WordPress, SiteSecurityMonitor.com.

Google's developers took a different approach and built an old-school console application written in pure C. It is lightning fast, and thanks to its asynchronous processing it is able to send hundreds of HTTP requests per second.

The source code is released under the Apache License, and it's available for download here.

I don't have a Linux box available right now to build and test it myself, but the documentation surely fires up your interest in the features implemented in skipfish: server-side SQL injection, integer overflow vulnerabilities, stored and reflected XSS, MIME manipulation, HTTP credentials in URLs, unexpected response variations and many, many others.

We owe a big thanks to the Google security team and I hope skipfish will be developed further.


One Response to “Skipfish – New Web Security Scanner By Google!”

  • 1
    anonymous
    May 26th, 2010 00:16

    WebCruiser – Web Vulnerability Scanner
    WebCruiser – Web Vulnerability Scanner, a compact but powerful web security scanning tool! It has a Crawler and a Vulnerability Scanner (SQL Injection, Cross Site Scripting, XPath Injection etc.).
    It can support scanning websites as well as POC (Proof of Concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool!
    Function:
    * Crawler (Site Directories And Files);
    * Vulnerability Scanner (SQL Injection, Cross Site Scripting, XPath Injection etc.);
    * POC (Proof of Concept): SQL Injection, Cross Site Scripting, XPath Injection etc.;
    * GET/Post/Cookie Injection;
    * SQL Server: PlainText/Union/Blind Injection;
    * MySQL/DB2/Access: Union/Blind Injection;
    * Oracle: Union/Blind/CrossSite Injection;
    * Post Data Resend;
    * Administration Entrance Search;
    * Time Delay For Search Injection;
    * Auto Get Cookie From Web Browser For Authentication;
    * Report Output.
    http://sec4app.com
