This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP HA Vulnerability Scanner Project
Main
If you wish to be a part of this Project Team, contact the Project Leader.
Spider Module completed. Added random time interval between requests and proxy.
--Dhruv Jain (talk) 03:59, 8 September 2013 (CDT)
EXPECTED FEATURES:
Note: Some of these features may be scrapped depending on the feasibility of the application.
»Web Spider Module
»Custom Design Errors
Cross-site Script Injection Module
Database Tampering – SQL Injection Module, including:
- Direct mode
- Blind mode
Buffer & Integer Overflow attack Module
Format String attack Module
File & Directories Tampering Module, including:
- Backup Files Discovery
- Configuration Files Discovery
- Password Files Discovery
- Information Leakage Discovery
Parameter Tampering Module, including:
- Special Parameter Addition attacks
- Boolean Parameter Tampering attacks
- Hidden Parameter Discovery
- Parameter Deletion attacks
- Remote Execution attacks
- File & Directory traversal attacks
- Header Splitting & CRLF Injection attacks
- Remote File Include PHP-based attacks
Check for Suspicious Values in Web Form Hidden Fields
Custom Signature Check (via Signature Editor)
»Web Server Exposure
Web Server structure Analysis Module, including:
- Web Server & Platform version vulnerabilities
- SSL encryption and X.509 certificate vulnerabilities
- HTTP Method Discovery Module
- HTTP Fingerprint Module, including:
- Web Server Fingerprint Module
- Web Server technology Discovery Module
- Directory Brute-Force
- HTTP Protocol vulnerabilities
»Web Signature Attacks
Web Attack Signatures Module, including:
- IIS CGI Decode Test
- IIS Extended Unicode Test
- IIS File Parsing Test
- FrontPage Security Test
- Lotus Domino Security Test
- General CGI Security Test
- HTTP Devices Security Test (routers, switches)
- Windows-based CGI Security Test
- PHP Web Application Security Test
- ASP Web Application Security Test
- J2EE Web Application Security Test
- Coldfusion Web Application Security Test
Attack templates such as:
- Complete, SANS/FBI Top10, Top20
»Confidentiality Exposure Checks
Look for Web forms vulnerabilities, including:
- Password cache feature
- Insecure method for sending data
- Lack of Encryption for sensitive data
- Insecure location to send data (leakage)
- Find directory listing
- Find available objects to download
- Find meta-tag leakage
- Find sensitive keywords in comments and scripts
Compliance analysis, including:
- Find Copyright statements
- Find content rating statements
- Find custom content on web pages and forms
»Cookie Exposure Checks
Cookie Security Analysis Module, including:
- Find weakness in cookie information
- Find cookies sent without encryption
- Find information leakage in cookie information
- Find cookies vulnerable to malicious client-side script
»File & Directory Exposure Checks
Search for backup files
Search for information leakage files
Search for configuration files
Search for password files
--Dhruv Jain (talk) 19:45, 17 August 2013 (CDT)