3

I am looking into a web application vulnerability scanner for my organization. I would like a sample web application that is loaded with vulnerabilities (similar to metasploitable on the application side) to test various solutions on. Does anyone know of any?

I would like to compare the thoroughness of commercial solutions such as Accunetix with some of the free scanners such as darkmysqli, wapiti, w3af and the others that come with backtrack as well as my own manual testing in order to come up with hard numbers as well as get a feel for the tools.

EDIT: Yes I know I can install Wordpress 1.x, osCommerce (lol), or an old version of Joomla

user974896
  • 317
  • 4
  • 9
  • These might help: http://sourceforge.net/projects/null-gameover/ and http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html – pnp Oct 13 '12 at 12:04
  • Also OWASP holds a complete list of deliberately vulnerable applications: https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project – Ioanna Mar 03 '17 at 13:25

3 Answers3

3

I believe you're looking for webgoat

MCW
  • 2,572
  • 1
  • 15
  • 26
  • Thanks. Have an upvote. I'm new to using tools for web app scanning. I've always wrote pretty thorough code and had several people audit it, server configurations, and manually find vulnerabilities. There are so many of them out there. There's standalone scanners such as what I mentioned above. Then there's pen testing packages such as Nessus and Metasploit which have their own webapp plugins. Then theres plugins for those pentesting applications to interface with the standalone scanners (i.e. Nessus + Accunetix).... So many options. Any recommendations? – user974896 Oct 12 '12 at 16:44
  • Anything that is simply PHP\MySQL? – user974896 Oct 12 '12 at 16:48
  • I left the pentesting world some years ago, so you should take my advice with a grain of salt, but I believe you want to follow Webgoat to OWASP - I seem to recall that they have some active projects in that field that are pretty focused on what you're asking for. (focused on web, rather than on system) I'm also fond of nessus, but that's because I know people who work there - I think much of the rest of the world has gone metasploit. – MCW Oct 12 '12 at 16:51
  • Thanks. I found one called Mutillidae. So Metasploit is an alternative to Nessus? I've seen Nessus plugins that integrate Nessus with Metasploit. – user974896 Oct 12 '12 at 17:06
  • You've surpassed my current knowledge - like I said, I've been out of the field for a couple of years. – MCW Oct 12 '12 at 17:14
0

NOWASP (Mutillidae) is also an interesting alternative.

Injeniero Barsa
  • 123
  • 4
  • Could you provide some characteristics of it that make it a good choice? Otherwise, if the link goes dead the answer is not as meaningful. – jonsca Dec 09 '12 at 21:35
-1

In my opinion Human is better than any scanner. They only find predefined web vulnerabilities. I recommend you to interfere scanning process, consider using firefox extentions like TamperData. Burp suite is a chepaer but semiautomatized tool.

For SQL injection test SQLMap is free and Havij a paid alternative.

nsumer
  • 157
  • 3