Twwwscan

Twwwscan

Category: Vulnerability Scanners
Website: http://archive.devx.com/security/articles/WebServices/partII/MS0102-3.asp
Manufacturer: unknown
Operating System: Windows, Unix and Linux

4
Security Threat Rating

Description:
Twwwscan is the application for Windows systems. Arirang is the Unix version. These tools allow the user to specify hosts, networks, and IP address ranges, and to easily customize the CGI checks (through configuration text files). Twwwscan checks specific and known server vulnerabilities; but it also has an extensive list of security checks for common misconfigurations that might apply to any homegrown Web server.

Strengths:
This is an easily scriptable command line tool that can scan for multiple vulnerabilities quickly.

Weaknesses:
Difficult to use, need knowledge of their scripting language and the vulnerability

Target:
any server

Mitigation/Recommendation:
updated and patched server

Price:
Price

Penetration (6):
Medium-high

Simplicity (3):
High Knowledge of the remote system, scripting language, and vulnerabilities difficult to get working otherwise

Damage Potential (4):
Medium Data Gathering only out of the box, but with proper scripting knowledge this tool could be used to possibly crash a server.