[23812] in bugtraq
cgiaudit release information
daemon@ATHENA.MIT.EDU (Derek Callaway)
Thu Jan 10 23:43:46 2002
Date: Thu, 10 Jan 2002 20:53:52 -0500 (EST)
From: Derek Callaway <super@udel.edu>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.10.10201102051290.9650-100000@pager.ce.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

I am pleased to announce the release of a new security tool that will
assist programmers and system administrators in increasing CGI security. This
tool, aptly named cgiaudit, is a black-box debugging tool; it automatically
audits CGI entities with only an interface specification, the HTML form.
Attack types that a CGI script or program becomes subject to are
configurable, as well as server replies that denote a possible penetration
success. Other features include a built-in spider, proxy support, and
hexadecimal encoding of requests.

A tarball source tree is available at
http://www.innu.org/~super/cgiaudit-1.0.tar.gz.

- S