Partly because it’s relevant to an upcoming work project and partly because it’s just plain fun, I’m playing around with new vulnerability scanning tools this morning.
My focus at the moment is expanding my knowledge of web application scanners. I’m pretty well-versed with WebInspect but naturally I’m interested in open source tools, for cost and skill-building reasons.
For starters I needed a web platform to scan. Many moons ago, @NickITSec mentioned Damn Vulnerable Linux (DVL) to me. I’ve tried using it before and failed[1] but at the time the DVL website was in transition, throwing 404’s and 500’s left and right, including the links to the documentation. I tried again last week and hit mostly the same brick wall. My best guess is that they’ve gone “closed source” with the documentation in their attempts to make official training courses and certifications.
That’s about the time I decided any easily available web server platform (preferably with pre-installed apps or other juicy targets) would suffice. I knew I wanted a virtual machine, for all the obvious reasons, and a quick search led me to an awesome LAMP[2] Virtual Appliance. 15 minutes later I was successfully running credentialed and uncredentialed scans against the local apps. The ease of installation, excellent documentation, and the sheer happiness in probing my own network prompted this whole blog post (which has taken about 45 minutes of my time- d’oh!).
If anyone’s keeping track, this morning’s tools are:
- Websecurify | Verdict: Awesome so far
- DB Audit | Verdict: Haven’t tried it yet, and it’s a “free trial,” not open source
- Angry IP Scanner | Verdict: Seems to be perfect; lightweight, and it does just exactly what it purports to do, quickly
[1] Apparently my ego can’t handle not including a footnote when mentioning failure- LOL. I installed it just fine, and was able to use the OS itself, but couldn’t figure out how to perform testing against it from another box on my LAN.
[2] Linux, Apache, MySQL, Perl/PHP/Python