This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP HA Vulnerability Scanner Project

Jump to: navigation, search

OWASP Inactive Banner.jpg


If you wish to be a part of this Project Team , contact Project Leader

Spider Module Completed.Added Random time interval between requests and proxy. --Dhruv Jain (talk) 03:59, 8 September 2013 (CDT)


Note: Some of these features maybe scraped off depending on the feasibility of application

»Web Spider Module

»Custom Design Errors

Cross-site Script Injection Module

Database Tampering – SQL Injection Module, including:

- Direct mode

- Blind mode

Buffer & Integer Overflow attack Module

Format String attack Module

File & Directories Tampering Module, including:

- Backup Files Discovery

- Configuration Files Discovery

- Password Files Discovery

- Information Leakage Discovery

Parameter Tampering Module, including:

- Special Parameter Addition attacks

- Boolean Parameter Tampering attacks

- Hidden Parameter Discovery

- Parameter Deletion attacks

- Remote Execution attacks

- File & Directory traversal attacks

- Header Splitting & CRLF Injection attacks

- Remote File Include PHP-based attacks

Check for Suspicious Values in Web Form Hidden Fields

Custom Signature Check (via Signature Editor)

»Web Server Exposure

Web Server structure Analysis Module, including:

- Web Server & Platform version vulnerabilities

- SSL encryption and X.509 certificate vulnerabilities

- HTTP Method Discovery Module

- HTTP Fingerprint Module, including:

- Web Server Fingerprint Module

- Web Server technology Discovery Module

- Directory Brute-Force

- HTTP Protocol vulnerabilities

»Web Signature Attacks

Web Attack Signatures Module, including:

- IIS CGI Decode Test

- IIS Extended Unicode Test

- IIS File Parsing Test

- FrontPage Security Test

- Lotus Domino Security Test

- General CGI Security Test

- HTTP Devices Security Test (routers, switches)

- Windows-based CGI Security Test

- Windows-based CGI Security Test

- PHP Web Application Security Test

- ASP Web Application Security Test

- J2EE Web Application Security Test

- Coldfusion Web Application Security Test

Attack templates such as:

- Complete, SANS/FBI Top10, Top20

»Confidentiality Exposure Checks

Look for Web forms vulnerabilities, including:

- Password cache feature

- Insecure method for sending data

- Lack of Encryption for sensitive data

- Insecure location to send data (leakage)

- Find directory listing

- Find available objects to download

- Find meta-tag leakage

- Find sensitive keywords in comments and scripts

Compliance analysis, including:

- Find Copyright statements

- Find content rating statements

- Find custom content on web pages and forms

»Cookie Exposure Checks

Cookie Security Analysis Module, including:

- Find weakness in cookie information

- Find cookies sent without encryption

- Find information leakage in cookie information

- Find cookies vulnerable to malicious client-side script

»File & Directory Exposure Checks

Search for backup files

Search for information leakage files

Search for configuration files

Search for password files

--Dhruv Jain (talk) 19:45, 17 August 2013 (CDT)

Project About

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP HA Vulnerability Scanner Project (home page)
Purpose: It is a vulnerability scanner written in PHP. It is able to scan URLs requested and run variety of tests to find security flaws.
License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
  • Dhruv Jain @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Dhruv Jain @ to contribute to this project
  • Contact Dhruv Jain @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases