DAVTest v1.0 - WebDAV Application

In: Attack , DAVTest , Exploitation , Penetration testing & Ethical Hacking

1 May 2010

DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

DAVTest supports:

Automatically send exploit files
Automatic randomization of directory to help hide files
Send text files and try MOVE to executable name
Basic and Digest authorization
Automatic clean-up of uploaded files
Send an arbitrary file

DAVTest is written in PERL and licensed under the GPLv3.

More information: here

Post scriptum

Download DAVTest v1.0

Compliance Mandates

Penetration testing & Ethical Hacking :
PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

Attack	1 May 2010 : DAVTest v1.0 - WebDAV Application 29 April 2010 : Fuzzdb v1.07 released 26 April 2010 : Bruter v1.0 - parallel network login brute-forcer 25 April 2010 : Fuzzdb updated to v1.06 19 April 2010 : fuzzdb v1.05 - Attack and Discovery Pattern Database
DAVTest
Exploitation	13 April 2010 : x5s Beta released - Automated XSS security testing assistant 12 April 2010 : Windows Autopwn (winAUTOPWN) v2.2 released 10 April 2010 : pvefindaddr v1.30 released 30 March 2010 : pvefindaddr updated to v1.27 29 March 2010 : Vicnum v1.4 released
Penetration testing & Ethical Hacking	10 May 2010 : SQLNinja v0.2.5 released! 25 April 2010 : (Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo) 25 April 2010 : SIP Inspector v1.10 released 15 April 2010 : Ubuntu Pentest Edition v2.03 released 7 April 2010 : SFX-SQLi v1.1.3.2 available