[Novalug] jikto
gregory pryzby
greg at pryzby.org
Sun Apr 1 08:51:42 EDT 2007
Sounds interesting and maybe someone can give a talk on it at a LUG
meeting.
So, it is a 'grey hat' tool?
I have mixed feelings about something that makes it easy for
script-kiddies to exploit sites. I like some barrier of entrance so
the user has to have some intelligence to use the tool. If it
exploits web stuff, then require some web programming knowledge.
Of course my knowledge is this post only. Maybe I will read the link
and do some research.
Thanks
On Sat, Mar 31, 2007 at 04:42:51PM -0500, Matt Ahrens wrote:
> http://www.grc.com/securitynow.htm
>
> The latest Security Now podcast has an explanation of this tool for those who
> don't know what it is/how it works.
>
> The short version for those who don't want to listen through an hour-long
> podcast is:
>
> Jikto is a web application security tool released by SPI Dynamics which
> exploits cross site scripting vulnerabilities and executes a web application
> vulnerability scanner from compromised clients of the targeted web site.
>
> I haven't used it and missed the ShmooCon presentation on it. Eventually, the
> Shmoo Group will post the video of the presentation, and you can see a demo
> from the author of what it does and how it works.
>
> To the OP, it can be a very powerful tool, I wasn't a huge fan of Nikto (the
> scanner used for Jikto) as it generally had excessive false positives. I
> haven't used it, so I can't tell you if it's effective or not; I suspect it
> would make a nice demo for programmers and other technical people.
>
> Thanks,
> Matt
>
> On 3/31/07, gregory pryzby <greg at pryzby.org> wrote:
>
> Maybe because I have no idea what it is and there was no link?
>
> Some people are too connected (ssh on a treo) but can't move to a
> browser at the same time or spell the word correctly.
>
> I don't think anything about it because I don't know anything about it
> :)
--
greg pryzby greg at pryzby dot org
fingerprint: 8A1A DB90 869F 5DD1 D6E9 EEB6 C156 6B04 849F A86F