14,953
edits
Vulnerability scanning tools: Difference between revisions
Jump to navigation
Jump to search
m
Text replacement - ": Image:Owl icon.jpg " to "{{Tips}} "
No edit summary |
m (Text replacement - ": Image:Owl icon.jpg " to "{{Tips}} ") |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
== 建議/可用 == | == 建議/可用 == | ||
{{Gd}} [https:// | {{Gd}} [https://www.zaproxy.org/ ZAP] v. 2.15.0 掃描報告內容包含 Cross-site scripting (XSS), SQL Injection 等部分 OWASP 項目。報告內容有標示漏洞[https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAlerts 嚴重程度]。 | ||
* 公司/維護者: [https:// | * 公司/維護者: [https://www.owasp.org/index.php/Main_Page OWASP] | ||
* 作業系統: | * 作業系統: {{Win}}, {{Linux}} & {{Mac}} | ||
* 授權: | * 授權: [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Apache 2 License] | ||
* 試用版限制: | * 試用版限制: | ||
* 檔案掃毒: | * 檔案掃毒: VirusTotal 掃描結果 [https://www.virustotal.com/zh-tw/file/e3243792525306731ae9eba0cc4697d289e54a58ac529da0c021f2c1ca109246/analysis/ Win 版] ok | ||
* 掃描對象: | * 掃描對象: | ||
* 掃描報告內容: | * 掃描報告內容: 內容包含 X-Frame-Options header not set, Cross-Domain javascript source file inclusion, Cross-site scripting (XSS), SQL Injection, X-content-type-options header missing | ||
* 填寫個資申請: 不用 | * 填寫個資申請: 不用 | ||
| Line 22: | Line 22: | ||
* 掃描對象: | * 掃描對象: | ||
* 掃描報告內容: | * 掃描報告內容: | ||
* 填寫個資申請: 不用 | * 填寫個資申請: 不用 | ||
| Line 90: | Line 80: | ||
* 試用版限制: | * 試用版限制: | ||
* 檔案掃毒: Eset 掃毒 ok | * 檔案掃毒: Eset 掃毒 ok | ||
* 掃描對象: | |||
* 掃描報告內容: | |||
* 填寫個資申請: 要 | |||
[https://portswigger.net/burp/communitydownload Download Burp Suite Community Edition - PortSwigger] | |||
* 公司/維護者: | |||
* 作業系統: {{Win}}, {{Linux}} & {{Mac}} | |||
* 授權: 商業 | |||
* 試用版限制: | |||
* 檔案掃毒: | |||
* 掃描對象: | * 掃描對象: | ||
* 掃描報告內容: | * 掃描報告內容: | ||
| Line 156: | Line 156: | ||
== 不建議使用試用版 == | == 不建議使用試用版 == | ||
{{Tips}} 由於試用版功能限制或者是安裝檔的 VirusTotal 掃毒結果有疑慮,所以不推薦。 | |||
[http://www.acunetix.com/ Website security with Acunetix] v.11 產生報表可區分 ISO 27001, NIST SP800 53, OWASP Top 10 2013, PCI DSS 3.2, Sarbanes Oxley, STIG DISA, WASC Threat Classification 等類型。報告內容有標示漏洞嚴重程度。 | [http://www.acunetix.com/ Website security with Acunetix] v.11 產生報表可區分 ISO 27001, NIST SP800 53, OWASP Top 10 2013, PCI DSS 3.2, Sarbanes Oxley, STIG DISA, WASC Threat Classification 等類型。報告內容有標示漏洞嚴重程度。 | ||
| Line 250: | Line 250: | ||
</pre> | </pre> | ||
References | |||
== Related pages == | |||
* [[Web_Ping#SSL_Server_Test | SSL Server Test]] | |||
* [https://errerrors.blogspot.com/2024/03/free-wordpress-vulnerability-scan-tool.html 免費 WordPress 網站弱點掃描工具] | |||
== References == | |||
* [https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools Category:Vulnerability Scanning Tools - OWASP] | * [https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools Category:Vulnerability Scanning Tools - OWASP] | ||
* [http://www.networkworld.com/article/2176429/security/security-6-free-network-vulnerability-scanners.html 6 free network vulnerability scanners | Network World] | * [http://www.networkworld.com/article/2176429/security/security-6-free-network-vulnerability-scanners.html 6 free network vulnerability scanners | Network World] | ||