-
I have submitted some new vulnerability checks to
whisker's database and these have been included in the
latest Debian package. I would appreciate it if these
were included in the main distribution too. I don't
know if the database format has changed in whisker 2.0
though (seems to have changed in nikto...)
For more information check:
Bug #13424...
2002-06-17 11:18:20 UTC by javifs
-
There are two critical bugs in whisker. The first is a problem with the md5_perl_generated function--to get around this install the MD5 perl module from CPAN. The other is a messed-up 'bang' line at the top of whisker; instead, run whisker by calling it by "perl whisker.pl ..."
There also appears to be a bug in the handling of the '$^O=~/Win32/' line on various platforms--still...
2002-05-06 01:42:04 UTC by rfp
-
Latest versions and associated resources are hosted on www.wiretrip.net; click the 'Homepage' link on the project summary page to surf to the appropriate URL.
2002-05-05 08:50:47 UTC by rfp
-
The latest libwhisker and whisker releases were added to SourceForge.
2002-05-05 08:48:07 UTC by rfp
-
The official whisker 2.0 development effort was kicked off at BlackHat Asia. You can view my design goals and ideas in my presentation, available at:
http://www.wiretrip.net/rfp/blackhat-asia/.
2001-05-04 19:03:28 UTC by rfp
-
I know that if I use the -L to brute force the login/password I have to set -a for username and -p for my password file. What I want to know is how to I set the switch to use a 'username ' file along with the 'password' file for a combined login/password brute force attempt?.
2000-11-14 15:44:39 UTC by mcdonnelld
-
When whisker asks a Nescape-Enterprise/4.0 server for
a directory, it will respond a 404 wether it exists or not.
This way whisker gets fooled into thinking the real CGI
directory doesnt exist, and the most vulnerable stuff
gets protected.
I think a simple solution would be adding an option to
let the user select the cgi directory wanted.
2000-11-03 22:58:51 UTC by zeratul2
-
Welp, I was coding a www scanner when someone told me of whisker I checked it out and saw all the great ideas it had so I thought it would be cool just to incoporate those in my code and call it whisker I have coded a very basic scanner, in C for linux multithreaded which can scan a host for about 250 checks in 2-3 seconds, I dunno if there is any current development in a C project I know it...
2000-10-31 09:30:17 UTC by phriction
-
I guess the scripting will be improved in v2.0, just in case a couple of requests:
- It would be nice if there was an option to scan an array of scripts, something like:
array @roots = /cgi-bin, /cgi
array @scripts = this.pl, that.pl
scan() @roots >> @scripts
Which at the moment works with directories, but not with scripts.
- More control of the scan() function, say...
2000-10-03 21:06:42 UTC by jfs
-
What about a TK GUI?? Give it a bit of the Nessus feel. I know GUIs are a bit lame, and it might make it easier for the hordes of kiddies out there :( , but they sure are nice.. A previous message talked of using the DBI module. Configuring database drivers at the console might be a bit troublesome, as opposed to just hittin a radio button to tell whisker which driver to use.
Scratch that..
2000-09-15 15:51:08 UTC by jasonmace