Open Source Web Application Poll

<<

ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Thu Dec 03, 2009 2:15 pm

Open Source Web Application Poll

Hello all,
I am trying to gather some info on which is the most used/favorite open source web application scanner out there. Would be grateful if you could spare 2 secs to answer 3-4 questions.

http://spreadsheets.google.com/viewform?formkey=dFNpQmNfUWx4UEFicW0wQXlZTFQyV0E6MA

Thank you!
<<

sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Fri Dec 04, 2009 4:39 pm

Re: Open Source Web Application Poll

I hope you release the results back here. Good luck with the survey.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Mon Dec 07, 2009 8:12 am

Re: Open Source Web Application Poll

Thanks to everyone who submitted responses!  :)

Here are the results:
http://www.ethicalhack3r.co.uk/2009/12/ ... l-results/

Thanks again!
<<

LSOChris

Post Mon Dec 07, 2009 9:33 am

Re: Open Source Web Application Poll

Surprised msf/wmap fared that well above other tools.
<<

Jhaddix

Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Mon Dec 07, 2009 1:52 pm

Re: Open Source Web Application Poll

Also, I see no Grendel Scan, which is my fav now. Has its own tests plus incorporates the Nikto DB.
<<

Jhaddix

Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Mon Dec 07, 2009 1:58 pm

Re: Open Source Web Application Poll

Also Paros provides functionality to scan for input validation, it should be considered as well. Burp is much better but not open source =(
<<

ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Mon Dec 07, 2009 3:03 pm

Re: Open Source Web Application Poll

@ChrisG - I was surprised too, judging from some of the 'additional comments' they were voting for the Metasploit Framework itself and not the web application modules which was what was intended.

@Jhaddix - Grendel and Paros completely slipped my mind. I added an 'other' option which some people did vote for other applications which weren't on the list.

I think in future I am going to leave the poll run for longer and try to spread the word a little more to get more submissions.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Dec 07, 2009 5:15 pm

Re: Open Source Web Application Poll

Jhaddix, just out of curiosity, why do you like Grendel Scan the best? I thought that the best feature about Grendel is its ability to easily pass authentication to the app you are scanning. W3AF is a complete pain when it comes to that. I tend to use Grendel (actually from your recommendation a while back) when I need to scan content only available to authenticated users.

I still fall back to w3af for most of everything else.  It seems to have more scans and interfaces with BEEF and others, which I like. 
~~~~~~~~~~~~~~
Ketchup
<<

ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Mon Dec 07, 2009 5:21 pm

Re: Open Source Web Application Poll

To be honest I have never used Grendel, I have seen it installed in BackTrack but never had a play. I agree that w3af's authentication settings do need improving, from the top of my head I think w3af uses a cookie jar file from an old version of Firefox?!

Off to play with Grendel.  :)
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Dec 08, 2009 6:42 am

Re: Open Source Web Application Poll

Yep, cookiejar it is.  It's clunky. 
~~~~~~~~~~~~~~
Ketchup
