Penetration Testing mailing list archives

Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept

From: Alex Butcher <alex () S3 INTEGRALIS CO UK>
Date: Fri, 15 Dec 2000 10:07:05 +0000

Philip Stoev wrote:


Hello,

I am not certain if this is the proper list to post to, however I would like
to bring about to your attention an idea of mine (no code yet). Any
feedback, including yells like "We already did something like that!" are
highly appreciated.


"Someone already did something like that!" :)

Achilles, from Digizen-Security
<http://www.digizen-security.com/downloads.html> does most of what you
describe. It doesn't attempt to find vulnerabilities automatically
though. AppScan from Sanctum Inc. <http://www.sanctuminc.com/> does
purport to find vulnerabilities automatically, but I haven't seen it in
Real Life yet.

But hey, don't let me put you off; I found Achilles a little flakey,
plus it only runs on Win32, which I find to be a source of pain. An Open
Source UNIX-workalike-but-better would truly rock. :)

http://www.stoev.org/proxy/preliminary-concept.html

Philip Stoev


Best Regards,
Alex.
--
Alex Butcher                                      PGP/GnuPG Key IDs:
Consultant, S3 Systems Security Services          alex@s3       B7709088
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp  alex.butcher@ 885BA6CE

Attachment: alex.vcf
Description: Card for Alex Butcher

Current thread:

[PEN-TEST] Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 15)
- Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept Glenn Williamson (Dec 15)
- Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept Alex Butcher (Dec 16)
  - Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 16)
- <Possible follow-ups>
- Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept vort-fu (Dec 15)