SCRT Webshag--Python写的web服务器审计工具

    [晴 October 15, 2008 08:56 | by !4p47hy ]
SCRT Webshag
IntroductionWebshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.



Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated (e.g. use a different random per request HTTP proxy server).

It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).

Webshag URL scanner and file fuzzer are aimed at reducing the number of false positives and thus producing cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechanism resistant to content changes. This fingerprinting mechanism is then used in a false positive removal algorithm specially aimed at dealing with "soft 404" server responses. Webshag provides a full featured and intuitive graphical user interface as well as a text-based command line interface and is available for Linux and Windows platforms, under GPL license.

Requirements
To be fully functional, webshag requires the following elements:

- Python 2.5 or ActivePython 2.5
- wxPython GUI toolkit
- Nmap port scanner (for port scanning module only)
- A valid Live Search AppID (for domain information module only)

Note that Windows installer does not require Python or wxPython.
Downloads
version 1.00
Linux (tarball)

ws100_linux.tar.gz
Windows (installer)

ws100_win.exe
Source only (no database)

ws100_src.tar.gz
User Manual (EN)

ws100_manual.pdf
FeedbackPlease report bugs and comments to
//www.scrt.ch/imagesite/mail_webshag.jpg

CreditsWebshag is distributed with Nikto vulnerability database.
Windows installer built using py2exe and Inno Setup.
Tools | Comments(2) | Trackbacks(0) | Reads(29395)
nike
June 2, 2015 10:10
[emot]zan[/emot][emot]zan[/emot][emot]zan[/emot][emot]zan[/emot]
無名部落格 Email Homepage
October 15, 2008 17:13
全英文,看不太懂。
Pages: 1/1 First page 1 Final page
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive
 
  • 夺取新时代中国特色社会主义伟大胜利 2019-06-23
  • 个税法迎第七次大修 起征点调至每年6万元 2019-06-23
  • 【专栏】中国城市学年会·2017 2019-06-23
  • 鸡肋变抢手货 短债基金发行提速 2019-06-20
  • 端午假期广州铁路运客640.5万人次 创历史新高 2019-06-16
  • 福特翼虎购车指南 降价后推荐豪翼型 2019-06-11
  • 【学习时刻】人民大学张杰:谋划和推进改革既要“脚踏实地”也要“仰望天空” 2019-06-11
  • 爱心暑托班为何要面试? 所有报名者需面试筛选 2019-06-09
  • 网络智库:人才争夺战 山西输不起 2019-06-04
  • 丰田致炫优惠1.0万元 到店有礼优惠不断 2019-06-03
  • 看了看某同事放长线的账户,居然赔掉了三分之二的本金[可怜] 2019-06-02
  • 由进口至出口再至走向世界,这一路着实不易,其中少不了无数位科研人员的奉献与牺牲。 2019-06-02
  • 5次足球先生,4次欧冠冠军,如今世界欠他一座大力神杯! 2019-06-01
  • 【理上网来·辉煌十九大】认识把握习近平新时代中国特色社会主义思想的内在逻辑结构 2019-05-28
  • 十九大精神进机关:原原本本吃透精神 学懂弄通昂扬斗志 2019-05-28
  • 最新码报资料大全 捕鱼船员生活记录 pk10倍投表 山西11选5开奖5结果 彩客网触屏版 极速十一选五赔率 四川快乐12任5推荐高手 排列三走势图500期带连线 广西十一选五开奖结果走势图百度乐彩 牌九大小 3d组选284出现前后关系 黑白小姐演唱会 手机话费买彩票 足彩胜负彩任选场预测 35选7开奖号