Hi guys,
This is just to let you know that there's a new version of Arachni.
It's mainly a bugfixing release without many shiny new things which
means that it probably is the most stable version to date.
Arachni is a high-performance (Open Source) Web Application Security
Scanner Framework written in Ruby.
Details at: http://arachni.segfault.gr/latest
ChangeLog: http://arachni.segfault.gr/latest#v0.2.2.2
Homepage: http://arachni.segfault.gr
Github page: http://github.com/zapotek/arachni
Documentation: http://github.com/Zapotek/arachni/wiki
Google Group: http://groups.google.com/group/arachni
Author: Tasos "Zapotek" Laskos
Twitter: http://twitter.com/Zap0tek
Copyright: 2010-2011
License: GNU General Public License v2
All available installation options and usage instructions can be found
in the homepage and the GitHub page.
I hope that you find it useful.
If you run into any problems or want to make a suggestion or feature
request the following pages will allow you to do so:
https://github.com/Zapotek/arachni/issues
http://groups.google.com/group/arachni
Cheers,
Tasos Laskos.
Hi guys,
Sorry
I look for a method of scan vulnerability 3rd party application (Adobe,
Flash, Java ..) I used OpenVAS but I don't find the plugin, do you know any
free method with openVAs or other soft?
Best regards,
dhia eddine
-----Message d'origine-----
De : listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] De
la part de Tasos Laskos
Envoyé : mercredi 23 mars 2011 03:19
À : arachni@googlegroups.com
Cc : websecurity@webappsec.org; pen-test@securityfocus.com;
webappsec@securityfocus.com
Objet : Arachni v0.2.2.2 has been released (Open Source Web Application
Security Scanner Framework)
Hi guys,
This is just to let you know that there's a new version of Arachni.
It's mainly a bugfixing release without many shiny new things which means
that it probably is the most stable version to date.
Arachni is a high-performance (Open Source) Web Application Security Scanner
Framework written in Ruby.
Details at: http://arachni.segfault.gr/latest
ChangeLog: http://arachni.segfault.gr/latest#v0.2.2.2
Homepage: http://arachni.segfault.gr
Github page: http://github.com/zapotek/arachni
Documentation: http://github.com/Zapotek/arachni/wiki
Google Group: http://groups.google.com/group/arachni
Author: Tasos "Zapotek" Laskos
Twitter: http://twitter.com/Zap0tek
Copyright: 2010-2011
License: GNU General Public License v2
All available installation options and usage instructions can be found in
the homepage and the GitHub page.
I hope that you find it useful.
If you run into any problems or want to make a suggestion or feature request
the following pages will allow you to do so:
https://github.com/Zapotek/arachni/issues
http://groups.google.com/group/arachni
Cheers,
Tasos Laskos.
I have downloaded the OWASP Joomla scanner and seems to be fine. However It reports some SQL injection vulnerabilities that when I try to run the URL provided by the scanner get caught by Joomla as a 404 error so I'm not sure how polished this scanner is and how the vulnerability is determined.
Apparently the previous admin setup some security modules in Joomla.
Does anyone know any other Joomla scanner?
Regards,
Miguel
Hi Miguel,
I wrote one for fun (in Python) but it is far from finished, and it was merely just a part of a PoC but feel free to check it out and adapt it to your needs.
You can find it in the blog section over at www.Exploit-DB.com (completely free and open source), and it is possible to extend but I suggest you work a bit on the code as it may not live up to your expectations without some modifications.
Best regards,
MaXe
Founder of InterN0T
Blogger on Exploit-DB (about Web App Sec)
----- Original meddelelse -----
I have downloaded the OWASP Joomla scanner and seems to be fine. However
It reports some SQL injection vulnerabilities that when I try to run the
URL provided by the scanner get caught by Joomla as a 404 error so I'm
not sure how polished this scanner is and how the vulnerability is
determined.
Apparently the previous admin setup some security modules in Joomla.
Does anyone know any other Joomla scanner?
Regards,
Miguel
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
Miguel,
I'd suggest you post any questions you have to the project's mail list:
https://lists.owasp.org/mailman/listinfo/owasp-joomla-vulnerability-scanner
Every OWASP project gets a mail list to handle these kind of inquiries.
If the mail list fails, you can try contacting the author directly:
http://www.owasp.org/index.php/User:D0ubl3_h3lix
For the benefit of this list, any OWASP project should have a
"Project Information" tab on the main page for that project. It will have
general information like project lead, license, mail list link, etc.
Hope that helps.
--
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
On Wed, Mar 23, 2011 at 9:40 AM, Miguel Gonzalez <miguel_3_gonzalez@yahoo.es
wrote:
I have downloaded the OWASP Joomla scanner and seems to be fine. However It
reports some SQL injection vulnerabilities that when I try to run the URL
provided by the scanner get caught by Joomla as a 404 error so I'm not sure
how polished this scanner is and how the vulnerability is determined.
Apparently the previous admin setup some security modules in Joomla.
Does anyone know any other Joomla scanner?
Regards,
Miguel
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org