Psychotec
Hi all,

I saw some topics about vulnerability scanning, like fuzzing etc., but I couldn't find any good sites for these programs on this forum. So I was thinking about posting some good sites where you can download vulnerability scanners like fuzzers, bruteforce exploit detectors etc.

Definition of a fuzzer:
Fuzzers try to use an automated approach to finding new bugs in software. They tend to work by sending what they assume to be unexpected input for the target application. Fuzzers do more than simply send 8000 letter "A"s to the authentication piece of a network protocol, but unfortunately, not a lot more (or you should build your own one and expand it). They are actually ideal for quickly checking for common, easy-to-find mistakes after writing an app, but not much more than that. The most promising in-development public fuzzer is SPIKE.

I listed some vulnerability scanners here which are quite good ones.

SPIKE
You can use SPIKE and OllyDbg to find new vulnerabilities.
When you need to analyze a new network protocol for buffer overflows or similar weaknesses, the SPIKE is the tool of choice for professionals. While it requires a strong knowledge of C to use, it produces results second to none in the field. SPIKE is available for the Linux platform only.

You can download SPIKE here

Bruteforce Exploit Detector
This is a collection of scripts to automatically test implementations of different protocols for buffer overflows and/or format string vulnerabilities, by sending a lot of long strings to a server.

You can download BED here

screamingCobra
screamingCobra is an application for remote vulnerability discovery in ANY UNKNOWN web applications such as CGIs and PHP pages. Simply put, it attempts to find vulnerabilities in all web applications on a host without knowing anything about the applications. Modern CGI scanners scan a host for CGIs with known vulnerabilities. screamingCobra is able to 'find' the actual vulnerabilities in ANY CGI, whether it has been discovered before or not.

You can download screamingCobra here

envFuzz
Environment variable fuzzer

You can download envFuzz here

Also check this site out: www.nologin.org

It has some very nice tools on it and some other vulnerability scanners

I hope I informed you guys good enough

Regards,
Psychotec
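
An added example, not part of the original post and not code from any of the tools listed: a minimal in-process fuzz harness in Python that illustrates the definition above when applied to your own code after writing it. The `handle_user` function, its 64-byte buffer and the `USER` command are constructed for illustration; the harness feeds it long runs of "A", format-string tokens and random bytes, and reports every input that fails with anything other than a clean rejection.

```python
import random

BUF_SIZE = 64  # constructed limit for the toy handler (assumption)

def handle_user(line: bytes) -> bytes:
    """Toy 'USER <name>' handler: constructed target with a deliberate bug."""
    if not line.startswith(b"USER "):
        raise ValueError("unknown command")    # expected, clean rejection
    name = line[5:].rstrip(b"\r\n")
    buf = bytearray(BUF_SIZE)
    for i, byte in enumerate(name):            # bug: no length check before copy
        buf[i] = byte                          # IndexError once i >= BUF_SIZE
    return bytes(buf[:len(name)])

def generate_cases(seed: int = 1):
    """Yield unexpected inputs: long runs, format tokens, random bytes."""
    rng = random.Random(seed)                  # fixed seed: reproducible runs
    for n in (0, 1, 63, 64, 65, 1024, 8000):   # boundary and oversized lengths
        yield b"USER " + b"A" * n + b"\r\n"
    for token in (b"%s", b"%n", b"%x"):        # format-string style tokens
        yield b"USER " + token * 10 + b"\r\n"
    for _ in range(20):                        # short random byte strings
        yield bytes(rng.randrange(256) for _ in range(rng.randrange(1, 40)))

def fuzz(target, cases):
    """Run every case in-process; collect inputs that fail uncleanly."""
    findings = []
    for case in cases:
        try:
            target(case)
        except ValueError:
            continue                           # handler rejected input cleanly
        except Exception as exc:               # anything else is a finding
            findings.append((type(exc).__name__, len(case), case[:16]))
    return findings

if __name__ == "__main__":
    for kind, size, head in fuzz(handle_user, generate_cases()):
        print(f"{kind}: input of {size} bytes, starts {head!r}")
```

The 64-byte name passes and the 65-byte one is the first finding, which points straight at the missing length check before the copy loop.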
condoras
nice stuff thanks...
easternerd
Screaming Cobra is the best !! I've been a loyal user of the same.
I don't know why it's not received much accreditation...
GSecur
I had never heard of Screaming Cobra. I was trying to use it on a different port rather than 80, following the man page example:

screamingCobra.pl -s hxxp://testmachine.com:445/tets/

And I keep getting:

QUOTE
Kick back and relax, this will take a while...

Can't connect to :80: Invalid argument

    0 - pages accessed /    0 - attempted CGIs to break /    0 - CGI bugs found


Anyone else having a similar issue?

Psychotec
That's odd, because you are using it in the right way.

check usage:
usage: screamingCobra.pl [-e] [-i] [-s|-v] <http://host.name>[:port][/start/page]

I will experiment with this tool also, I will let you know if I know more...
whisker
QUOTE(GSecur @ Aug 4 2005, 02:36 PM)
I had never heard of Screaming Cobra. I was trying to use it on a different port rather than 80, following the man page example:

screamingCobra.pl -s hxxp://testmachine.com:445/tets/

And I keep getting:

QUOTE
Kick back and relax, this will take a while...

Can't connect to :80: Invalid argument

    0 - pages accessed /    0 - attempted CGIs to break /    0 - CGI bugs found


Anyone else having a similar issue?

GSecur..


My one got it right..here:

CODE
perl screamingCobra.pl -s http://192.167.136.21:445/cgi
Beginning to scan 192.167.136.21 :: 192.167.136.21 for CGI bugs...
Kick back and relax, this will take a while...

 1006 - pages accessed /    28 - attempted CGIs to break /     0 - CGI bugs found


