Paros alternative

From: Paul Sebastian Ziegler (psz@observed.de)
Date: Wed Apr 11 2007 - 18:57:54 EDT


Hi all,

I stumbled across Paros quite a while ago.
It has been really nice to work with, providing an easy "click and run"
interface. However there are some limitations to it that are becoming
more and more obvious.

1) It has not been updated for half a year. (Ok, this is probably the
least significant problem.)

2) Java is great for platform independence and stuff - but it's just
slow. You don't even have to scan across an intranet to find this out.
Even if you scan through a custom 2000/200 kbps line the limiting factor
will be your processor and not your bandwidth. (2Ghz Pentium M - results
may vary)

3) It lacks deep configurations. Of course you can set all your basic
stuff, but you have no access to the routines called afterwards unless
you hack up the source yourself. Now again this is normal for a click
and run tool.

4) The logs it creates are _huge_. 2GB and more are not seldom at all.
This sometimes raises startup and resume times to 30+ minutes.

5) Some more. This is not a flame. I actually like Paros. Just wanted to
sketch what troubled my mind.

This is why I started searching for alternatives.
Now - as you might expect - asking Google for "paros alternatives"
mostly turns up Greek villages. That's not really what I'm after.

I found a few good programs but they all lack some key features.
For example:

I) WebScarab
(http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
Really nice for packet-manipulation and manual fuzzing of webapps.
However it lacks standardized tests and automation.

II) Nikto (http://www.cirt.net/code/nikto.shtml)
Mostly pattern matching without strong generic tests for XSS, CRLF or
SQL-Injection

III) Burpsuite (http://portswigger.net/suite/)
Another really nice tool. Here you get all the options.
However automation is missing up until now.

So this is my question:
Does anybody (know|use|develop) a (tool|script|app) that carries out
partially or completely automated tests on web applications, runs on
Linux or BSD, is open source and copes with some of the points given above?

If so, please let me know.

Thanks in advance

Many Greetings
Paul



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:43 EDT