OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Dave Aitel (dave_at_immunitysec.com)
Date: Thu Sep 26 2002 - 12:35:49 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Immunity, Inc. is proud to announce the release of SPIKE Proxy version
    1.3. SPIKE Proxy is an award winning web application auditing tool that
    can perform the following important checks for a web developer:
    o SQL Injection
    o Directory scanning
    o File Scanning
    o Crawling
    o Overflows and format strings

    In addition, SPIKE Proxy provides the application auditor or developer a
    powerful form rewriting utility for manual analysis, and a complete data
    store of all web analysis activity.

    SPIKE Proxy is an Open Source (GPL) contribution to the community.

    Download now from http://www.immunitysec.com/spike.html

    Dave Aitel
    Media and Public Relations
    Immunity, Inc.

    Changelog below is also available from
    http://www.immunitysec.com/SPIKEPROXYCHANGELOG.txt
    1.3
    Sep 26, 2002
    Crawling
       o added form parser
       o added rawparser for when SGML parser fails
       o caught SGML parser failing exception nicely
       o removed If- headers when crawling
       o revitalized core logic to work better against various test pages
       o don't forget that crawling MUST start from a page - so to initiate
         it go to a page and then you'll see the crawl option
    Core engine
       o handles chunked responses much better
       o handles all responses better in general - many fixes to spkproxy.py
         If a page doesn't work now, I'd like to know about it
       o Fixed servers that close sockets even if I have keep-alive on
       o added deletion of headers to header API
    UI
       o Added stop-all-actions and start-actions to enable a user to stop a
    runaway argscan or dirscan or overflow or crawl
         To use this, just click on stop while the action is happening, and
    then later click on start again to enable
         automatic functionality
       o Added dirscan - to use this go to the root of where you want to
    start your scan
         o file extention scan looks for file.bak, file~, etc
         o directory scan looks for common directories. I have a long list
    in words, and if this is
           too long for you, replace words with shortwords and retry your
    dirscan

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQA9k0V1B8JNm+PA+iURApj5AJ4uEpZ7NxXIprjGiMjcZFqOyDN0IgCggb2R
    v9pDehmSBSvw+xD7Qe+2aYc=
    =oI8v
    -----END PGP SIGNATURE-----