+2  Q: 

URL Scanning tool

I am looking for a tool to scan a given URL for security vulnerabilities. I've googled around a bit and found a few but most of them require something that's publicly facing and my DEV environment isn't publicly facing, or they have some expensive solution that's more than I need for now. I don't need anything super powerful as I'm just doing lightweight testing for now, and the QA folk will run their more sophisticated battery of tests later.

EDIT: Use case for clarification

  1. I hand the tool a URL to scan, i.e.: http://www.host.com/path/to/page.asp
  2. It runs a series of tests on that page to see if there are any possible security vulnerabilities it exposes. Examples include but are not limited to SQL injection, cross-site scripting, etc.
A: 

Are you talking about scanning the URI that someone has requested from your site?

If so, you can use the .htaccess file to simply redirect to a 404 page any URI that doesn't exist or isn't found in the database (depending on how you're building the site).

You can therefore force requests to come in a specific way and anything that doesn't will automatically get canned.

Evernoob
+3  A: 

Assuming that you wish to scan your web application, by providing the 'base' URL of the application to a penetration testing tool, you will find the OWASP Live CD project to be useful. Grendel-Scan, available on the CD, might prove to be most useful, since it appears to be the most mature among the penetration testing tools in the list. Nikto and the OWASP Wapiti project are the other penetration testing tools on the Live CD.

Additionally, the Watcher plug-in for Fiddler is also capable of detecting certain vulnerabilities in the application, although it requires that the individual pages in the application be visited with Fiddler as the proxy.

Vineet Reynolds
+1  A: 

There are 2 forms of tools you will find for this. One type of tool has a list of known problems (bug in IIS version 5.34 or whatever) and goes through the list trying each issue. Tools of this kind also try common filenames like robots.txt and web.config etc. Nikto is an example of this type.

There is also the type that will look at all the querystring/cookie/form parameters and tweak them to try and trigger faults. I believe this is what would serve you best, and for this I recommend Burp Proxy: http://portswigger.net/proxy/. There is a free version and a pro version. Also in this set of tools are expensive things like IBM's AppScan and HP's WebInspect.

Collin
I tried Burp, but unless I'm missing something, it requires you to edit the requests yourself. I need something to run an automated scan. My company just got AppScan, so I've been using that now.
dharga
Whoops, you are correct: "Fully fledged web vulnerability scanner. [Pro version only]". For what it's worth, I think Burp, despite being $200 or so, is the best scanner out there. It has very few false positives and finds a lot more XSS issues than other scanners. AppScan is not terrible though, although it is slow. I would recommend turning off a lot of the rulepacks for AppScan to make it faster, and be sure to check each security issue manually (which I imagine you would be doing anyway :)
Collin
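
The second kind of tool described in the answer above (tweak each querystring parameter in turn and watch the response) can be illustrated for a page in your own DEV environment. This is an added example, not part of the original thread or of any product named in it; the probe string, the function names, the `dev.example.test` URL and the `fake_page` stand-in are all constructed for illustration.

```python
import html
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed probe: a unique token wrapped around HTML metacharacters.
# It is inert; it only shows whether the page encodes output.
PROBE = 'zq7<"\'>x'

def mutate_params(url, probe=PROBE):
    """Yield (param_name, mutated_url), replacing one query parameter at a time."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    for i, (name, _) in enumerate(pairs):
        mutated = pairs[:i] + [(name, probe)] + pairs[i + 1:]
        yield name, urlunsplit(parts._replace(query=urlencode(mutated)))

def classify(body, probe=PROBE):
    """Report how the probe came back in the response body."""
    if probe in body:
        return "reflected-unencoded"   # output encoding missing: review this parameter
    if html.escape(probe, quote=True) in body:
        return "reflected-encoded"     # echoed back, but HTML-escaped
    return "not-reflected"

def scan(url, fetch):
    """fetch is any callable mapping a URL to the response body as text."""
    return {name: classify(fetch(mutated)) for name, mutated in mutate_params(url)}

def fake_page(url):
    """Constructed stand-in for a DEV page: echoes q raw, page escaped, ignores id."""
    q = dict(parse_qsl(urlsplit(url).query))
    return "<h1>Results for %s</h1><p>page %s</p>" % (
        q.get("q", ""), html.escape(q.get("page", ""), quote=True))

SAMPLE_URL = "http://dev.example.test/path/to/page.asp?q=shoes&page=2&id=7"

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_URL, fake_page).items():
        print(f"{name:5} {verdict}")
```

Against a real DEV host, pass a `fetch` that performs the HTTP request (for example with `urllib.request.urlopen`) in place of `fake_page`; each finding still needs the manual check mentioned in the comment above.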