[Snort-users] Snort IIS Signature Tester for Windowz

Hicks, John JHicks at ...5857...
Thu Jul 11 10:11:14 EDT 2002


Cool idea, though i'm not sure why ... both Whisker and Nikto (based on lib
whisker) are very well supported and include a wealth of attack strings for
almost every O/S, and are mostly regarded as the defacto standard for web
server testing.

whisker: http://www.wiretrip.net/rfp/p/doc.asp/i7/d21.htm
nikto: http://www.cirt.net/code/nikto.shtml

As for the problem with some signatures ... have you tried using netcat to
connect to the server insteaad of wget?


just some thoughts,

John

-----Original Message-----
From: Scot Scot [mailto:scotw at ...125...]
Sent: Thursday, July 11, 2002 12:40 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort IIS Signature Tester for Windowz


Alrighty folks, a little testing tool that runs on the windows platform to
share here. Its just something I threw together real quick.

You will need to re-name httpattack to httpattack.bat. Also you will need
wget.exe (ported to Windows). You can get it from:
http://unxutils.sourceforge.net/

*nix~ers, you should be able to run this bad-boy as well; direct from your
shell of choice.

CAUTION!! This tool will trigger alerts in Snort and several other IDS's. Do
NOT use without
authorization.

Read the ReadMe.txt for a description and instructions.

Any feedback or ideas for improvements are welcome.

Thank~Ya,

Scot Wiedenfeld

"It's All About The Pentium"     -Weird Al






More information about the Snort-users mailing list