Darknet - The Darkside » spike http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Tue, 07 Feb 2012 18:34:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 SPIKE Proxy – Application Level Security Assessment http://www.darknet.org.uk/2007/01/spike-proxy-application-level-security-assessment/ http://www.darknet.org.uk/2007/01/spike-proxy-application-level-security-assessment/#comments Mon, 15 Jan 2007 04:57:20 +0000 Darknet http://www.darknet.org.uk/2007/01/spike-proxy-application-level-security-assessment/

SPIKE Proxy is part of the SPIKE Application Testing Suite, It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include:

  • Automated SQL Injection Detection
  • Web Site Crawling (guaranteed not to crawl sites other than the one being tested)
  • Login form brute forcing
  • Automated overflow detection
  • Automated directory traversal detection

Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting, but it’s completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.

Note: that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution.

SPIKE is a fairly mature tool having been around since about 2003, we at Darknet use Spike Proxy along with the Burp Suite for web application security analysis.

You can download SPIKE here:

Download for Linux | Download for Windows

Limited information can be found here:

Immunity Free Software

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2007/01/spike-proxy-application-level-security-assessment/feed/ 1 SpikeSource Spike PHP Security Audit Tool http://www.darknet.org.uk/2006/08/spikesource-spike-php-security-audit-tool/ http://www.darknet.org.uk/2006/08/spikesource-spike-php-security-audit-tool/#comments Tue, 01 Aug 2006 03:13:49 +0000 Darknet http://www.darknet.org.uk/2006/08/spikesource-spike-php-security-audit-tool/

Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP.

The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week.

This tool is especially welcomed by Darknet as there aren’t many static analysis tools out there that are free, and there are very few tools for auditing PHP code..which as we all known tends to be coded quite insecurely at times (just look at phpBB and PhpNUKE).

You can find the latest version here:

Spike PHP Audit Tool

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/08/spikesource-spike-php-security-audit-tool/feed/ 3