How to find a vulnerable website?

Website security is a major problem today and should be a priority in any organization or a webmaster.

Now a days Hackers are concentrating alot of their efforts to find holes in a web application.

If you are a website owner and having a High Page rank and High Traffic then there is a chance that you might be a victim of these hackers.

Few years back their existed no proper tools search for vulnerability, but now a days there are tons of tools available through which even a newbie can find a vulnerable site and start hacking.

There are lots of methods that can be used to hack a website but most common ones are as follows:

1. SQL Injection
2. XSS (Cross Site Scripting)
3. Remote File Inclusion (RFI)
4. Directory Traversal attack
5. Local File inclusion (LFI)
6. DDOS attack

Tools commonly used to find a vulnerable website are:--

Acunetix

Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

[You must be registered and logged in to see this link.]

Nessus

Nessus is the best unix venerability testing tool and among the best to run on windows. Key features of this software include Remote and local file security checks and client/server architecture with a GTK graphical interface etc.

Download Nessus from the link below
[You must be registered and logged in to see this link.]

Retina

Retina is another Vulnerability assessment tool,It scans all the hosts on a network and report on any vulnerabilities found.

Download Retina from the link below
[You must be registered and logged in to see this link.]
Scanner.aspx

Metasploit Framework

The Metasploit Framework is the open source penetration testing framework with the world's largest database of public and tested exploits.

Download Metasploit (For Windows users) from the link below
[You must be registered and logged in to see this link.]

Download Metaspolit (For Linux users) from the link below
[You must be registered and logged in to see this link.]

Feel free to ask your doubts.

bro that was good but ways to work around with these...I mean,I am not asking for any particular tool to be explianed but the logic , the approach that we need to have what we should go for what are the common options that we need to have an eye on in these softwares,etc.Cause even didnt return efficient result these days...

Dude, please give the cracked download links of all of these.. :D

arjunchauhan24 wrote:

Dude, please give the cracked download links of all of these.. :D

dude these are free software under the GPL,u can freely download & use them.So no need to crack these.

can anyone tell me how to use this sites

Dude these are s\w sites you need to get these s\w & then use those s\w

whats s/w???

i have dorks list but not sites

s\w = software

& bro Listen these are vulnerability finding automated or semi-automated software's site address given here which you can use to test a particular site for vulnerabilities ok.....& btw dorks are special query universal strings that are used to find a similar type of sites.So if you have the right dorks you will have the right sites . :-) got that !!!