Penetration Testing mailing list archives

[BabelWeb] NEW web scanner/analyzer/forcer


From: Stephane Aubert <Stephane.Aubert () hsc-labs com>
Date: Mon, 13 Aug 2001 12:36:07 +0200


BabelWeb v1.0

Stephane Aubert <Stephane.Aubert () hsc-labs com>
kotao <kotao () kotao org>
HSC security research labs
Hervé Schauer Consultants

Download: http://www.hsc-labs.com/tools/babelweb/


babelweb is born from the lack of powerful tools to achieve
penetration tests against e-commerce servers. Applications on web servers
usually are increasingly complex without being increasingly secured. It
becomes interesting to have a tool that comes close to a human in the
testing of web applications.

babelweb is a program which allows tests on an HTTP server to be automated.
It is able to follow links and HTTP redirects, but it is programmed to
remain on the original server.

The main goal of babelweb is to obtain information about a remote web
server and to sort this information. It is thus possible to draw up
the list of the accessible pages, the CGI scripts encountered, the various
files found like .zip, .pdf...

A summary of this information is provided in an HTML file whose name can be
set with the option --out-HTML.


The tests/functionalities are:

  . try to identify the server
    (http fingerprint will be available in the next version)
  . test server for proxying
  . scan for links that are usually vulnerable; those links are read
    from the file common_vuln_cgi.txt
  . scan for vulnerable cgi babelweb can exploit
    (only well known vuln. for the public version)
  . web spider
  . analyze spider results
  . show the summary
  . handle cookies
  . follow http redirection


Three additional functionalities are available:

  . transform babelweb into a TCP port scanner by HTTP proxying
  . transform babelweb into an HTTP brute forcer
  . transform babelweb into a generic generator of requests


Babelweb can run in different modes:

  . aggressive mode (i.e. run exploits when possible)
  . interactive mode (during exploits)
  . crash mode (not public)
  . anti-IDS mode (a la whisker)


Greetings:
  HSC security research labs and more notably:
  . Denis Ducamp for the documentation and the cleverness of his inputs
  . Frédéric Lavecot for his ideas and tests
  . Yann Berthier and Nicolas Jombart for proofreading and their passion


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

