It’s been almost 2 years since the last update on Nikto, which was version 2.
For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over [...]

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature enhancements [...]

The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software.
The Web Security Gateway provides a configurable caching, authentication, input validation, [...]

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that [...]

To follow on from Whitetrash which I posted about previously, here is another tool to secure your web site or web application. Essentially it’s a very comprehensive set of rules for mod_security.
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server [...]

Another one that has been a long time coming, but finally here it is! Nikto 2.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items [...]

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes.
The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.
This is a pretty nifty [...]

This Phenoelit tool called ObiWaN is written to carry out brute force security testing on Webservers.
The idea behind this is webservers with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a [...]