.

Testing IPS/IDS tools

<<

tnoob

User avatar

Newbie
Newbie

Posts: 1

Joined: Wed Jun 12, 2013 2:43 pm

Post Wed Jun 12, 2013 2:55 pm

Testing IPS/IDS tools

Hello all,

I would like to test a IPS/IDS/WAF.
To do this I need some tools to generate some sql injection, XSS Attacks, Others Windows/Linux Exploits

For XSS , I use Xsser to generate about 90 xss attacks and I count the number of attacks that the WAF match. I can use also evasion with xsser to be sure it detects also theses attacks.

I need a tool to generate sql injection attacks , or another xss with more attacks ( like grabber?)

Can you tell me which tools can i use to do theses attacks automatization?

The goal is not to test a web application but to test the Purcentage of detection attacks with this ips/ids/waf.

Thanks for your feedback
Best Regards
<<

UKSecurityGuy

User avatar

Jr. Member
Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Mon Jun 17, 2013 8:39 am

Re: Testing IPS/IDS tools

I'm no expert on this - but for SQLi try "sqlmap".

That's the standard 'go-to' tool for SQLi injection, and I'd expect the WAF/IDS to pick up at some least some of the strings it sends over.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software