[Owasp-delhi] Tools for Web Server V A

Gautam Kapoor kapoorgautam at gmail.com
Thu Feb 18 09:56:29 EST 2010


A good starting point would be

http://cirt.net/nikto2
Windows-based version:
http://www.sensepost.com/research/wikto/

For an IIS checklist, you can start here.

http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=98

Regards
Gautam

On 18 February 2010 17:39, suresh tiwary <sureshtiwary at rediffmail.com> wrote:

> Dear OWASP Delhi,
>
> Thank you all for the good information, but I am still confused whether
> "NESSUS" is a web server vulnerability assessment tool or a Network
> Assessment tool.
>
> Please suggest.
>
> The situation is: I have to perform the V.A of IIS using a tool. So how do
> I start? Use NESSUS and proceed, or use any commercial tool? If a commercial
> tool, then which is the widely accepted commercial tool? An organization can't
> have multiple commercial tools, so suggest a few commercial tools that can
> perform web server V.A.
>
> Also, any checklist for IIS V.A?
>
> Thanks & regards,
> Suresh
>
> Note: Forwarded message attached
>
> -- Original Message --
>
> From: "Vinodh Kiran S" vinodh.kiran at teaqtech.com
> To: sureshtiwary at rediffmail.com
> Cc: neelu.tripathy at tcs.com, ra.shrivastava08 at gmail.com
> Subject: FW: [Owasp-delhi] Tools for Web Server V A
>
> ---------- Forwarded message ----------
> From: "Vinodh Kiran S" <vinodh.kiran at teaqtech.com>
> To: <sureshtiwary at rediffmail.com>
> Date:
> Subject: FW: [Owasp-delhi] Tools for Web Server V A
>
> Dear Suresh,
>
> In continuation of the below recommendations from Rahul and Neelu, I just
> wanted to let you know that we represent Core Security (Providers of Core
> Impact), here in India.  The attached datasheet will give you a quick
> overview. I would like to know your thoughts on this. Please do contact me
> for any further assistance.
>
> Good Day!
>
> Regards,
>
> Vinodh Kiran S |Sr. Manager – ECM | Cell: +91 (0) 9900247424
>
> *Teaq Technologies Pvt. Ltd.*
>
> #320, 6c Cross, OMBR Layout | Bangalore 560 043, INDIA |Telefax: +91 (80)
> 4161 2610
>
> *From:* owasp-delhi-bounces at lists.owasp.org [mailto:
> owasp-delhi-bounces at lists.owasp.org] *On Behalf Of *Neelu Tripathy
> *Sent:* Wednesday, February 17, 2010 4:11 PM
> *To:* suresh tiwary
> *Cc:* owasp-delhi at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
> *Subject:* Re: [Owasp-delhi] Tools for Web Server V A
>
> Hi Suresh,
>
>      Apart from what Rahul suggested, you can also go for GFI LANguard or Core
> Impact (both proprietary). For a better hands-on and/or manual assessment,
> try using Metasploit (open source), though that might be more on the PT side.
>
>
> Regards,
> Neelu Tripathy
> Security Analyst,  TEG
> Tata Consultancy Services
> Mailto: neelu.tripathy at tcs.com
>
> From: "suresh tiwary" <sureshtiwary at rediffmail.com>
> To: <owasp-delhi at lists.owasp.org>
> Date: 02/17/2010 11:46 AM
> Subject: [Owasp-delhi] Tools for Web Server V A
> Sent by: owasp-delhi-bounces at lists.owasp.org
>
>
>  ------------------------------
>
>
>
>
> Issue: Tools for web server V A for IIS, Apache, etc.?
>
> Dear OWASP Delhi,
>
> Can anyone provide complete and comprehensive information, sites of web
> server vulnerability assessment by manual method and by automated tools.
>
> 1. What are the free tools / open source tools actually and
> practically used for web server V A?
>
> 2. What are the commercial tools used for automated web server V A?
>
> 3. How is a manual web server V A conducted? Any checklist and the
> practical process.
>
> 4. People can share their web server V A experience.
>
> Thanks & regards,
> Suresh
>
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>