OWASP FOSBBWAS (code name Beretta)

Download: http://www.devcafe.co.uk/beretta/downloads.htm

This project aims to create a: OWASP PenTesting Checklist
 * Commercial quality open source black box web application scanner that is:
 * Extensible
 * Customizable
 * Scaleable
 * Robust
 * User Friendly
 * Methodical
 * The objective is to:
 * Help developers to create secure and robust Web applications
 * Help System administrators and professional Pen-Tester to identify vulnerable Web Applications
 * Create tests for the OASIS WAS database, OWASP Testing Guide and

Installation
Username: admin Password: pass
 * Unzip the downloaded files (duh..!)
 * Restore the Beretta Db file to your SQL 2000 database server and create a user to access this database
 * Move the unzipped Beretta application directory to somewhere in your web server root
 * Set the necessary NTFS permissions
 * Create a virtual directory in IIS to this newly created directory
 * Modify the Web.config keys databaseConnection, and siteRoot to the relevant values.
 * Modify the Web.config key "outputDir" to be the physical path of the "output" directory beneath the web application root. XML scan reports will be created here
 * Make sure ~/output/ has write permissions for the user ASP.net is running under
 * Open up an internet browser and browse to the virtual directory you created
 * Enter login details (defaults below)
 * You should now be logged into the application. Foundstones hacme bank is a good place to start experimenting with Beretta.