Mar 162015
 
Screenshot of psecio-parse scan

I used rips for many years to help with auditing source code.  Lets face it, anytime you can automate a mundane task such as source code auditing, you free up time for other things to be done…..plus if you have ever stared at source code for 14+ hours straight reading line by line by line ….. you know how well automation helps save your vision.

Anyways, today I found a new project at github and wanted to document how I set it up.  One thing to keep in mind is that this is a relatively new project, and with any new project of this size and scope … we can generally expect a few things …. lots of development changes and false positives.  Even with this being known, I still love the direction the project is already moving … so lets begin.

Continue reading »

Feb 262014
 

I generally do most everything from a shell. I also generally script things when I can. However, I wanted to see changes made to arachni web interface and it had been a while since I used it. I’m not sure if this is automated via the links included in kali linux or not, I just know that when I went to fire up arachni_web it failed and this is how I fixed it.
Continue reading »

Dec 042013
 

I often review various vulnerability scanners.  When I review them, I look at several different things:

  • were they able to find a vulnerability I previously missed?
  • are they accurate in their findings?
  • how quickly do they complete an audit compared to “insert some other vulnerability scanner here”?
  • sometimes I will also grab the tcpdumps of the audits for even further analysis
  • how accessible and easy are they to use by “skiddies”?
  • based on the tcpdumps + noise generated on the server logs, are the audit signatures of wapiti easy to detect?

Continue reading »