Open Source Web Application Poll

    • #4462
      ethicalhack3r
      Participant

      Hello all,
      I am trying to gather some info on which is the most used/favorite open source web application scanner out there. Would be grateful if you could spare 2 secs to answer 3-4 questions.

      http://spreadsheets.google.com/viewform?formkey=dFNpQmNfUWx4UEFicW0wQXlZTFQyV0E6MA

      Thank you!

    • #28042
      Michael J. Conway
      Participant

      I hope you release the results back here. Good luck with the survey.

    • #28043
      ethicalhack3r
      Participant

      Thanks to everyone who submitted responses!  🙂

      Here are the results:
      http://www.ethicalhack3r.co.uk/2009/12/07/open-source-web-application-scanner-poll-results/

      Thanks again!

    • #28044
      Anonymous
      Participant

      Surprised msf/wmap fared that well above other tools.

    • #28045
      Jhaddix
      Participant

      Also, I see no Grendel Scan, which is my fav now. Has its own tests plus incorporates the Nikto DB.

    • #28046
      Jhaddix
      Participant

      Also Paros provides functionality to scan for input validation, it should be considered as well. Burp is much better but not open source =(

    • #28047
      ethicalhack3r
      Participant

      @ChrisG – I was surprised too, judging from some of the ‘additional comments’ they were voting for the Metasploit Framework itself and not the web application modules which was what was intended.

      @Jhaddix – Grendel and Paros completely slipped my mind. I added an ‘other’ option which some people did vote for other applications which weren’t on the list.

      I think in future I am going to leave the poll run for longer and try to spread the word a little more to get more submissions.

    • #28048
      Ketchup
      Participant

      Jhaddix, just out of curiosity, why do you like Grendel Scan the best? I thought that the best feature about Grendel is its ability to easily pass authentication to the app you are scanning. W3AF is a complete pain when it comes to that. I tend to use Grendel (actually from your recommendation a while back) when I need to scan content only available to authenticated users.

      I still fall back to w3af for most of everything else.  It seems to have more scans and interfaces with BEEF and others, which I like. 

    • #28049
      ethicalhack3r
      Participant

      To be honest I have never used Grendel, I have seen it installed in BackTrack but never had a play. I agree that w3af’s authentication settings do need improving, from the top of my head I think w3af uses a cookie jar file from an old version of Firefox?!

      Off to play with Grendel.  🙂

    • #28050
      Ketchup
      Participant

      Yep, cookiejar it is.  It’s clunky. 
