We don’t allow questions seeking recommendations for software libraries, tutorials, tools, books, or other off-site resources. You can edit the question so it can be answered with facts and citations.
Closed 9 years ago.
There are a few free tools for automated vulnerability discovery.
Skipfish - open source automated web application scanner
http://code.google.com/p/skipfish/
Actively developed and maintained
GrendelScan - open source automated web application scanner
http://grendel-scan.com/
Netsparker Community Edition
http://www.mavitunasecurity.com/communityedition/
Free, limited version of Netsparker
RatProxy
Non-intercepting proxy that performs vuln discovery
http://code.google.com/p/ratproxy/
Here are a few to get you started.
The best approach is to perform manual testing and use automated testing to cover 'low-hanging fruit' scenarios.
Give Skipfish a try. It takes a little bit of extra effort to install it on Windows (you have to use Cygwin), but it's a pretty solid tool.
CAT.NET is helpful, but only when run as a command line for large applications. Using the Visual Studio plugin, I can't get it to run on larger projects either.