Đang tải... (xem toàn văn)
webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide webcruiser web vulnerability scanner user guide
WebCruiser Web Vulnerability Scanner User Guide Content Software Introduction 2 Key Features 2.1 POST Data Resend 2.2 Vulnerability Scanner 2.3 SQL Injection .8 2.3.1 POST SQL Injection 2.3.2 Cookie SQL Injection Demo 10 2.3.3 Cross Site SQL Injection 13 2.4 Cross Site Scripting 13 2.5 XPath Injection 15 2.6 Multi-functional Web Browser 17 2.6.1 POST Web Browser 17 2.6.2 Cookie Web Browser 19 2.7 Fill in Forms .21 2.8 Report 22 2.9 Escape Special Character Filter .24 Order/Registration .26 FAQ .26 V2.5 by Janus Security http://www.janusec.com/ http://sec4app.com Software Introduction WebCruiser - Web Vulnerability Scanner WebCruiser - Web Vulnerability Scanner, it is a powerful web security penetration test software that will aid you in auditing your site! It has a Vulnerability Scanner and a series of security tools It can support scanning website as well as POC (Proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool! Key Features: * Crawler(Site Directories And Files); * Vulnerability Scanner: SQL Injection, Cross Site Scripting, XPath Injection etc.; * SQL Injection Scanner; * SQL Injection Tool: GET/Post/Cookie Injection POC(Proof of Concept); * SQL Injection for SQL Server: PlainText/Union/Blind Injection; * SQL Injection for MySQL: PlainText/Union/Blind Injection; * SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection; * SQL Injection for DB2: Union/Blind Injection; * SQL Injection for Access: Union/Blind Injection; * Post Data Resend; * Cross Site Scripting Scanner and POC; * XPath Injection Scanner and POC; * Auto Get Cookie From Web Browser For Authentication; * Report Output System Requirement: Net Framework 2.0 or higher Software Disclaimer: * Authorization must be obtained from the web application owner; * This program will try to get each link and post any data when scanning; * Backup the database before scanning so as to avoid disaster * Using this software at your own risk E-mail: janusecurity@gmail.com http://sec4app.com http://www.janusec.com Key Features 2.1 POST Data Resend When you Post any data, WebCruiser will capture the Post data automatically First, let's login a demo application: Switch to tabpage "Resend", the Post data has been captured here : Now, you can modify the post data and resend them Let's try to use it for SQL Injection: First, modify the value of username to admin' and '1'='1 Second, modify the value of username to admin' and '1'='2 We got different response It means that this application has a vulnerability of SQL Injection 2.2 Vulnerability Scanner Scan your web application for vulnerabilities Open Web application and click “Scan Site" for whole site scanning or "Scan URL" only for current URL Or, select "Vulnerability Scanner" tool, and click "Scan Current Site": Scan Result(Above is Site Structure, and the following table is vulnerabilities): Right click each vulnerabilities, then you can launch SQL Injection or Cross Site Scripting POC( Proof of Concept): 2.3 SQL Injection Scanning is not necessary for SQL Injection POC, you can launch POC by input the URL directly, or launch from the Scanner WebCruiser support: * GET/Post/Cookie Injection; * SQL Server: PlainText/FieldEcho(Union)/Blind Injection; * MySQL/DB2/Access: FieldEcho(Union)/Blind Injection; * Oracle: FieldEcho(Union)/Blind/CrossSite Injection; 2.3.1 POST SQL Injection Take the above scanner for example, right click a Vulnerability, select SQL Injection POC It will launch the SQL Injection POC tool and fill the relevant information This is a POST SQL Injection Demo Click “Get Environment Information” If you need more information, switch to “DataBase”: 2.3.2 Cookie SQL Injection Demo * Similar to POST, Now you know this application has a user which username=admin, Input username=admin and press "Enter" key to navigate it : 2.3.3 Cross Site SQL Injection WebCruiser support Cross Site SQL Injection for Oracle 2.4 Cross Site Scripting There are two types of XSS: * Cross Site Scripting(URL); * Cross Site Scripting(Form); Scanning is not necessary for XSS, you can use this function directly Take launching XSS from the scanner for example: Right Click a Vulnerability in Scanner, select “Cross Site Scripting(Form) POC” or “Cross Site Scripting(URL) POC” : Replace XSS code and Click "Manual XSS Test" Usually your input will occur in the Response Code or in the refer page: 2.5 XPath Injection Similar to SQL Injection, XPath Injection attacks occur when a web site uses usersupplied information to construct an XPath query for XML data By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured, or access data that he may not normally have access to He may even be able to elevate his privileges on the web site if the XML data is being used for authentication (such as an XML based user file) Querying XML is done with XPath, a type of simple descriptive statement that allows the XML query to locate a piece of information Like SQL, you can specify certain attributes to find, and patterns to match When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data XPath is a standard language; its notation/syntax is always implementation independent, which means the attack may be automated There are no different dialects as it takes place in requests to the SQL databeses Because there is no level access control it's possible to get the entire document We won't encounter any limitations as we may know from SQL injection attacks Example: More information about XPath Injection, please refer to: http://sec4app.com/download/XPathInjection.pdf 2.6 Multi-functional Web Browser 2.6.1 POST Web Browser Specify the POST data for web browser, just input the URL and POST data, and press "Enter" key 2.6.2 Cookie Web Browser You can specify the cookie simply as follow: You can modify the cookie at yourself 2.7 Fill in Forms WebCruiser can fill in a form according to your input even the field is read only Switch the request type to "POST", input the expression in the data input box[1], and click the Fill button[2], then it will fill the form[3] Usually, it is not necessary to so It is useful for these scenarios: A Input box is read only; B Copy and paste is disabled; C Hidden or invisible input box; And so on 2.8 Report You can get the scan report by the report tool: Here is part style of report: 2.9 Escape Special Character Filter When operating SQL Injection, you will find some web application will escape single quotes, for example, the Oracle SQL is: Select COLUMN_NAME FROM user_tab_columns WHERE table_name='admin' Because there is single quotes in the SQL, so common injection will not work Escape Filter can help you test the application, WebCruiser has a string tool which can encode the string SQL Server: MySQL: Oracle: The above SQL can be instead by: Select COLUMN_NAME FROM user_tab_columns WHERE table_name= chr(97)|| chr(100)||chr(109)||chr(105)||chr(110) Order/Registration WebCruiser - Web Vulnerability Scanner Order page: http://sec4app.com/order.htm (Pay by RegNow) http://www.janusec.com/ (Pay by PayPal) If you like it, you can order it from RegNow or PayPal: Personal Edition (Non-Commercial License): https://www.regnow.com/softsell/nph-softsell.cgi?item=25854-1 Enterprise Edition (Commercial License): https://www.regnow.com/softsell/nph-softsell.cgi?item=25854-2 RegNow will send you the Registration Code Alternative Payment by PayPal: http://www.janusec.com/ Thank you for choosing WebCruiser FAQ Q: Why I can not run WebCruiser on my computer? A: It need Windows with Net Framework 2.0 or above, if you have not installed Net Framework, please download it from Microsoft web site Usually, Windows XP and earlier has not Net Framework installed, but Windows Vista and Windows has Net Framework Integrated already The URL for Net Framework 2.0 is: http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D8EDD-AAB15C5E04F5&displaylang=en Q: What is the difference between the Professional and Enterprise Edition? A: They are different in License type Personal Edition is for security professionals, masters of individual websites etc., non-commercial purpose, 12-month update and support service; Enterprise Edition is for enterprises, institution, or commercial organizations, 12month update and support service with top priority Function \ Edition Commercial License Personal No Enterprise Yes Directories Crawler Vulnerabilities Scanning Yes Yes Yes Yes SQL Server Injection MySQL Injection Yes Yes Yes Yes Oracle Injection DB2 Injection Yes Yes Yes Yes Advanced Injection Yes Yes Access Injection Access Dictionary Edit Yes Yes Yes Yes Cross-Site Scripting XPath Injection Yes Yes Yes Yes Post Resend Multi-Site Scanning Yes Yes Yes Yes Sensitive WebSites Scanning Cookie Tool Yes Yes Yes Yes Yes 12-month Yes 12-month Report Technical Support Support Web Site: http://sec4app.com/ http://www.janusec.com/ E-mail: janusecurity@gmail.com ... Introduction WebCruiser - Web Vulnerability Scanner WebCruiser - Web Vulnerability Scanner, it is a powerful web security penetration test software that will aid you in auditing your site! It has a Vulnerability. .. Vulnerability Scanner Scan your web application for vulnerabilities Open Web application and click “Scan Site" for whole site scanning or "Scan URL" only for current URL Or, select "Vulnerability Scanner" ... table_name= chr(97)|| chr(100)||chr(109)||chr(105)||chr(110) Order/Registration WebCruiser - Web Vulnerability Scanner Order page: http://sec4app.com/order.htm (Pay by RegNow) http://www.janusec.com/