Author Topic: Open Source Web Application Poll  (Read 9080 times)
ethicalhack3r
« on: December 03, 2009, 01:15:59 PM »

Hello all,
I am trying to gather some info on which is the most used/favorite open source web application scanner out there. Would be grateful if you could spare 2 secs to answer 3-4 questions.

http://spreadsheets.google.com/viewform?formkey=dFNpQmNfUWx4UEFicW0wQXlZTFQyV0E6MA

Thank you!
sgt_mjc
« Reply #1 on: December 04, 2009, 03:39:10 PM »

I hope you release the results back here. Good luck with the survey.

Mike Conway
CISSP
CompTia Security +
C|EH
ethicalhack3r
« Reply #2 on: December 07, 2009, 07:12:42 AM »

Thanks to everyone who submitted responses! :)

Here are the results:
http://www.ethicalhack3r.co.uk/2009/12/07/open-source-web-application-scanner-poll-results/

Thanks again!
LSOChris
« Reply #3 on: December 07, 2009, 08:33:12 AM »

Surprised msf/wmap fared that well above other tools.
Jhaddix
« Reply #4 on: December 07, 2009, 12:52:24 PM »

Also, I see no Grendel Scan, which is my fav now. Has its own tests plus incorporates the Nikto DB.

Jhaddix
« Reply #5 on: December 07, 2009, 12:58:58 PM »

Also Paros provides functionality to scan for input validation, it should be considered as well. Burp is much better but not open source =(

ethicalhack3r
« Reply #6 on: December 07, 2009, 02:03:16 PM »

@ChrisG - I was surprised too, judging from some of the 'additional comments' they were voting for the Metasploit Framework itself and not the web application modules which was what was intended.

@Jhaddix - Grendel and Paros completely slipped my mind. I added an 'other' option which some people did vote for other applications which weren't on the list.

I think in future I am going to leave the poll run for longer and try to spread the word a little more to get more submissions.
Ketchup
« Reply #7 on: December 07, 2009, 04:15:04 PM »

Jhaddix, just out of curiosity, why do you like Grendel Scan the best? I thought that the best feature about Grendel is its ability to easily pass authentication to the app you are scanning. W3AF is a complete pain when it comes to that. I tend to use Grendel (actually from your recommendation a while back) when I need to scan content only available to authenticated users.

I still fall back to w3af for most of everything else.  It seems to have more scans and interfaces with BEEF and others, which I like. 


~~~~~~~~~~~~~~
Ketchup
ethicalhack3r
« Reply #8 on: December 07, 2009, 04:21:51 PM »

To be honest I have never used Grendel, I have seen it installed in BackTrack but never had a play. I agree that w3af's authentication settings do need improving, from the top of my head I think w3af uses a cookie jar file from an old version of Firefox?!

Off to play with Grendel. :)
Ketchup
« Reply #9 on: December 08, 2009, 05:42:50 AM »

Yep, cookiejar it is.  It's clunky. 

~~~~~~~~~~~~~~
Ketchup