Site evaluation Mini-Howto

Intro
- You often stumble across web sites where you are interested in evaluating different characteristics of the site. Having done this a couple of times, I have developed a few techniques and tools for building a comprehensive picture of the site under evaluation.
- This text is definitely beta.
Connectivity
- traceroute
  - who is the internet provider (ARIN/RIPE IP databases)
  - where is the server physically located (country, town, company)
- bandwidth
  - throughput testing or ISP records
- latency
  - ping, traceroute
  - compare to hosts closer to the internet
Server location:
- Colocated. The server is located at an ISP or a similar hosting provider.
- Dedicated connection. Usually this means the company behind the site has its own line to the internet.
- Shared server (there are other web sites on the same server).
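The latency items above can be measured rather than eyeballed. The script below is an added example, not code from the Mini-Howto: it parses the per-reply lines of ping's output, computes loss, min/avg/max RTT and jitter, and reports how much latency the site's host adds over a reference host closer to the backbone. The two ping transcripts, the host names and the addresses are constructed; ping_host is the only part that talks to the network.

```python
"""Added example (not the Mini-Howto's own code): turn ping output into
numbers so the site's host can be compared with a reference host closer
to the internet backbone.  The ping transcripts below are constructed."""
import re
import subprocess

# Matches one reply line, e.g.
# "64 bytes from 203.0.113.10: icmp_seq=3 ttl=52 time=41.2 ms"
_REPLY = re.compile(r"icmp_seq=(\d+)\s.*\btime=([\d.]+)\s*ms")


def ping_stats(output, sent):
    """Summarise a ping transcript: replies received, loss %, min/avg/max
    RTT in ms and jitter (mean absolute change between consecutive RTTs)."""
    rtts = [float(m.group(2))
            for m in (_REPLY.search(line) for line in output.splitlines()) if m]
    if not rtts:
        return {"sent": sent, "received": 0, "loss_pct": 100.0,
                "min": None, "avg": None, "max": None, "jitter": None}
    diffs = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return {
        "sent": sent,
        "received": len(rtts),
        "loss_pct": round(100.0 * (sent - len(rtts)) / sent, 1),
        "min": min(rtts),
        "avg": round(sum(rtts) / len(rtts), 2),
        "max": max(rtts),
        "jitter": round(sum(diffs) / len(diffs), 2) if diffs else 0.0,
    }


def compare_latency(site_output, ref_output, sent):
    """Compare the site host with a reference host closer to the backbone:
    a positive 'added_ms' means the site's path is that much slower."""
    site, ref = ping_stats(site_output, sent), ping_stats(ref_output, sent)
    added = None
    if site["avg"] is not None and ref["avg"] is not None:
        added = round(site["avg"] - ref["avg"], 2)
    return {"site": site, "reference": ref, "added_ms": added}


def ping_host(host, count=10):
    """Run the system ping (unix-style -c flag) and summarise its output."""
    out = subprocess.run(["ping", "-c", str(count), host],
                         capture_output=True, text=True).stdout
    return ping_stats(out, count)


# Constructed transcripts (not captured from real hosts); the reply with
# icmp_seq=3 from the site host is missing, i.e. one lost packet in five.
SITE_PING = """PING www.example.com (203.0.113.10) 56(84) bytes of data.
64 bytes from 203.0.113.10: icmp_seq=1 ttl=52 time=41.2 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=52 time=39.8 ms
64 bytes from 203.0.113.10: icmp_seq=4 ttl=52 time=45.0 ms
64 bytes from 203.0.113.10: icmp_seq=5 ttl=52 time=40.0 ms
"""
REF_PING = """PING gw.example.net (198.51.100.1) 56(84) bytes of data.
64 bytes from 198.51.100.1: icmp_seq=1 ttl=60 time=10.1 ms
64 bytes from 198.51.100.1: icmp_seq=2 ttl=60 time=10.3 ms
64 bytes from 198.51.100.1: icmp_seq=3 ttl=60 time=9.9 ms
64 bytes from 198.51.100.1: icmp_seq=4 ttl=60 time=10.2 ms
64 bytes from 198.51.100.1: icmp_seq=5 ttl=60 time=10.0 ms
"""

if __name__ == "__main__":
    print(compare_latency(SITE_PING, REF_PING, sent=5))
```

Jitter here is the mean absolute difference between consecutive RTTs, which is enough to tell a stable path from a congested one; the reference host should be on the path to the site (a router a few traceroute hops before it) so that the difference isolates the site's own last mile.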
Network topology
- traceroute: firewall?
- ping: firewall?
- nmap: other live servers
- nsscan
- nslookup: axfr
  - other servers
- netscan: is the network an ICMP "smurf" amplifier?
Server
- OS, distribution, patch levels
  - queso, netcraft, nmap, or observing other software packages
- services - find out with nmap/telnet or a client (such as a web browser)
  - web
  - email
  - db
  - dns
  - ftp
  - finger
  - sun rpc
  - nfs
  - smb
- installed software packages
  - web - netcraft
    - iis
    - apache
    - other
    - web application packages
      - frontpage extensions
      - cold fusion
      - php
      - asp
    - web apps
      - input validation
      - sql overflow
  - email
    - nslookup set type=MX. Multiple hosts? Connectivity of these?
    - software
      - telnet: EHLO
      - sendmail
      - exchange
    - open relay
      - orbs / rbl
  - db
    - mysql
    - oracle
    - mssql
  - dns
    - nslookup set type=ns
    - domain info
      - nic handles / contact info
  - nfs
    - showinfo
  - finger
    - find out logged on users on unix systems
  - smb
    - nbtstat
      - list shares
    - samba
    - win machine
- vulnerabilities
  - orbs
The site:
- bandwidth / dynamic content generation capability
  - ab, wget
- page size
  - bobby, wget, manual inspection
- accessibility
  - bobby, lynx
- standards compliance
  - w3c validation
  - browser lockout
  - plugin lockout
- navigation
  - manual inspection
- updatedness
  - how well is the site kept up to date?
- link analysis
  - broken internal links?
  - broken external links?
- popularity
  - linked from other sites?
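The page size, accessibility and link analysis items above can be scripted for a single page. The program below is an added example, not code from the Mini-Howto or from bobby/wget: it parses one HTML page, classifies links as internal or external, counts images without alt text (one of the defects accessibility checkers report), and checks every link through a pluggable fetch function. The sample page, the host names and the status table are constructed so the example runs offline; with the default http_status fetcher it issues real HEAD requests.

```python
"""Added example (not part of the original Mini-Howto): a small link and
page-structure analyser for the "The site" checklist.  Parses one HTML
page, classifies links as internal/external, flags images without alt
text and checks each link through a pluggable fetch function."""
from html.parser import HTMLParser
from urllib.error import HTTPError, URLError
from urllib.parse import urljoin, urlsplit
from urllib.request import Request, urlopen


class _PageParser(HTMLParser):
    """Collect hrefs, embedded resources and alt-less images from a page."""

    def __init__(self):
        super().__init__()
        self.links = []        # href values of <a>
        self.resources = []    # src/href of img, script, link
        self.images_no_alt = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag in ("img", "script") and a.get("src"):
            self.resources.append(a["src"])
            if tag == "img" and not (a.get("alt") or "").strip():
                self.images_no_alt += 1
        elif tag == "link" and a.get("href"):
            self.resources.append(a["href"])


def http_status(url, timeout=10):
    """Default fetcher: HTTP status of a HEAD request, or None when the
    host cannot be reached at all.  Swap in a fake for offline runs."""
    try:
        with urlopen(Request(url, method="HEAD"), timeout=timeout) as r:
            return r.status
    except HTTPError as e:
        return e.code
    except (URLError, OSError):
        return None


def analyse_page(html, base_url, fetch=http_status):
    """Return page size, link classification, broken links and alt-less
    image count for one page.  A link is broken when fetch() reports an
    unreachable host (None) or a status of 400 or above."""
    p = _PageParser()
    p.feed(html)
    base_host = urlsplit(base_url).netloc.lower()
    internal, external, broken = [], [], []
    for href in p.links:
        if href.startswith(("mailto:", "javascript:", "#")):
            continue
        url = urljoin(base_url, href)
        host = urlsplit(url).netloc.lower()
        (internal if host == base_host else external).append(url)
    for url in internal + external:
        status = fetch(url)
        if status is None or status >= 400:
            broken.append((url, status))
    return {
        "bytes": len(html.encode("utf-8")),
        "resources": [urljoin(base_url, r) for r in p.resources],
        "internal": internal,
        "external": external,
        "broken": broken,
        "images_without_alt": p.images_no_alt,
    }


# Constructed sample page (not fetched from anywhere).
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="/s.css"></head>
<body><img src="/logo.png"><img src="/x.png" alt="logo">
<a href="/about">About</a> <a href="http://example.org/">ext</a>
<a href="/missing">Old page</a> <a href="mailto:a@example.com">mail</a>
<script src="/app.js"></script></body></html>"""

# Constructed stand-in for real HTTP: status codes for the sample's URLs.
FAKE_STATUS = {
    "http://www.example.com/about": 200,
    "http://example.org/": 200,
    "http://www.example.com/missing": 404,
}


def fake_fetch(url):
    return FAKE_STATUS.get(url)


if __name__ == "__main__":
    report = analyse_page(SAMPLE_HTML, "http://www.example.com/", fake_fetch)
    for key, value in report.items():
        print(f"{key}: {value}")
```

To walk a whole site, feed each internal URL the function returns back into analyse_page (keeping a visited set) and fetch the page bodies with wget or urlopen; the external list is what you check for dead links, and the resources list plus the page's own bytes gives the total page weight.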
Tools:
nmap
queso
netcraft
bobby
nslookup (standard unix or windows tool)
ab (apache bench - source comes with Apache)
wget
telnet (standard unix tool)
showinfo (standard unix tool)
lynx
finger (standard unix tool)
netscan
traceroute (standard unix, tracert under windows)
nsscan:
#!/bin/bash
# Reverse-resolve every address in a /24 and print "ip:name" for each
# address that has a PTR record.  Usage: nsscan 192.0.2
baseip=$1
if [ -z "$baseip" ]; then
    echo "usage: $0 <first three octets of the network>" >&2
    exit 1
fi
cnt=1
cntend=256
while [ "$cnt" -ne "$cntend" ]
do
    ip="$baseip.$cnt"
    # nslookup prints a "Name:   host.example.com" line when a PTR record exists
    name=$(/usr/bin/nslookup "$ip" 2> /dev/null | grep Name)
    if test -n "$name"
    then
        # keep only the host name, stripping the "Name:" label and whitespace
        name=$(echo "$name" | cut -d: -f 2 | tr -d ' \t')
        echo "$ip:$name"
    fi
    cnt=$(expr "$cnt" + 1)
done
More stuff:
- Go up to more links.