1. Introduction to Acunetix Web Vulnerability Scanner

Contents

1. Screenshot 24 (Activity window: Number of websites left to scan).
   Grouping of vulnerabilities. If the same vulnerability is detected on multiple pages, the scanner will group them under one alert node. Expanding the alert node will reveal the vulnerable pages. You can expand further to find the vulnerable parameters for that page. Grouping of vulnerabilities makes it easier to keep track of vulnerable pages and which vulnerabilities need to be fixed. Vulnerability data can also be grouped in reports by selecting the Vulnerability Report template in the reporting application.
   Saving a Scan Result. When a scan is completed you can save the scan results to an external file for analysis and comparison at a later stage. The saved file will contain all the scans from the current session, including alert information and site structure. To save the scan results, click the File menu and select Save Scan Results. To load the scan results, click the File menu and select Load Scan Results.
   5. Generating a Report from the results. Introduction to the Reporter. Screenshot 25: The Reporter Application. The Reporter Application is a separate tool that allows you to generate reports from the security scans performed. The results of a completed scan can be used to launch the Reporter directly from Acunetix WVS or from the Acunetix WVS program group. The following groups of reports can be produced:
2. k: This parameter may be used only for compliance type reports. In fact, this parameter should only be used when the r or Report switch is set to WVSComplianceReport.rep. Compliance templates: CWE.xml, HIPAA.xml, NIST_SP800_53.xml, OWASP_Top_10_2004.xml, OWASP_Top_10_2007.xml, OWASP_Top_10_2010.xml, PCI12.xml, PCI20.xml, Sarbanes_Oxley.xml, STIG_DISA.xml, WASC_Threat_Classification.xml. To see a list of the compliance templates available, run reporter_console.exe in the command prompt. Syntax: /r WVSComplianceReport.rep /k <compliance type template>. Example: /r WVSComplianceReport.rep /k PCI12.xml
   p: Application password, if the user interface password is enabled. The password can be enabled from the Application settings > General node. Syntax: /p <password>
   c or Console: Do not load the Acunetix Reporter user interface. If this option is not specified, by default the user interface of the Acunetix Reporter will automatically pop up. Syntax: /c
   a or Action: Specify the file type to which the generated report should be exported. File types available: PDF, RTF, HTML, REP (Acunetix WVS proprietary format). Syntax: /a <format type>. Example: /a PDF
   p or Parameters: For each type of report template there are different parameters. If no parameters are specified, the default parameter settings will be used. To specify the parameters to be passed to the reporter, use the name=value form.
   t or Target.
3. Screenshot 8: LAN HTTP Proxy Settings. If your machine is located behind a proxy server, the Acunetix proxy server settings must be configured for the scanner to connect to the target application. Navigate to the Configuration > Scan Settings > LAN Settings node to access the HTTP Proxy and SOCKS proxy settings page shown in the above screenshot.
   HTTP Proxy Settings: Use an HTTP proxy server
4. scan: Scans a single website. Syntax: scan <url>. Example: scan http://testphp.vulnweb.com
   crawl: Crawls a single website. Syntax: crawl <url>. Example: crawl http://testphp.vulnweb.com
   scanfromcrawl: Starts a scan from a saved crawl. Syntax: scanfromcrawl <path and file name>. Example: scanfromcrawl c:\crawl\sitecrawl.cwl
   scanlist: Scans a group of websites defined in a text file. Syntax: scanlist <path and file name>. Example: scanlist c:\lists\sites.txt
   scanwsdl: Starts a web services scan. Syntax: scanwsdl <wsdl url>. Example: scanwsdl http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL
   profile: Uses the specified scanning profile during the scan. Syntax: profile <profile name>. Example: profile default
   settings: Uses the specified scan settings template during the scan. Syntax: settings <template name>. Example: settings test
   loginseq: Uses the specified login sequence during the scan. Syntax: loginseq <filename>. Example: loginseq testphp.seq
   save: Saves the scan once the scan is finished. The file will be saved in the location specified by the savefolder switch. Syntax: save
   savefolder: Specify the folder where all the scans and other scan related files will be saved. Syntax: savefolder <directory>. Example: savefolder c:\Acunetix Scans
   GenerateZIP: Compress all the saved scan data into a zip file. Syntax: GenerateZIP
   exportxml: Exports scan results to an XML file. The file will b
5. Editing a Login Sequence. The login sequence can be reviewed by clicking on the Edit sequence button. Screenshot 50: Login Sequence Editing (Login Actions, Logout Actions and Session Detection for testphp.vulnweb.com). You can change the request priority by highlighting the URL and clicking the up or down arrow in the top right hand side of the window.
   Marking Pages for Manual Intervention (human input is required). If some pages in your web application require manual intervention, such as pages with CAPTCHA, One Time Password or Two Factor authentication, use the Login Sequence Recorder to configure the crawler to wait for user input when crawling such a page. To mark a page for manual intervention:
   1. Launch the Login Sequence Recorder and enter the web application URL in the first step.
   2. In the second step of the wizard (Record Login Sequence), click on the Pause button to pause the recording and enter the URL of the page which requires human input in the URL input field.
6. In the case of a Compliance report, select the type of report you want to generate. Click Next.
   3. Configure the scan filter to list a number of specific saved scans, or leave the default selection to display all scan results. Click Next to proceed and select the specific scan for which to generate a report.
   4. Select what properties and details the report should include. Click the Generate button to finalize the wizard and generate the report.
   5. Once the report is generated it can be exported to various formats, including PDF and HTML.
   Affected Items Report. The Affected Items Report groups scan results based on affected files and includes both the request and response HTTP headers. Also included is a coverage report, which is a list of all the URLs that have been automatically scanned.
   Developer Report. The Developer Report groups scan results by affected pages and files, allowing developers to quickly identify and resolve vulnerabilities. This report also features detailed remediation examples and best practice recommendations for fixing the vulnerabilities.
   Executive Report. The Executive Report creates a summary of the total number of vulnerabilities found in every vulnerability class. This makes it ideal for management to get an overview of the security of the site without needing to review technical details.
   Quick Report. The Quick Report lists the individual vulnerabilities and the affected items without any type of group
7. Screenshot 36: HTTP Sniffer Trap form. When an HTTP request or a response is trapped by the HTTP Sniffer, the HTTP Trap window will automatically appear to allow you to edit the captured data. Similarly to the HTTP Editor, the Trap Form editor allows you to edit headers, cookies, queries and post variables. Click OK to allow the HTTP request or response through.
   Editing an HTTP Request without a Trap. If you want to edit an HTTP request without setting up an HTTP trap, right click on a request or a response and select Edit with the HTTP Editor. Clic
8. Screenshot 16: Login Sequence Recorder.
   3. On the second page of the wizard, browse the website's login page and submit the authentication credentials in the login form in order to login. Wait for the page to fully load, indicating that you are logged in. Click Next to proceed.
   Screenshot 17: Specify an excluded link. Once logged in you also need to identify the log
9. node.
   2. Click the Add Ruleset button to open up the URL rewrite editor window and enter the host name of the target website for which the rule will be used. Click on the button to open up the Add rule dialogue. Screenshot 33: URL Rewrite Rule. Specify if the rule set is generic for the whole website by ticking General rule. If for a specific directory only, tick Directory rule and specify the directory name. In the Regular Expression input field, specify a part of the URL, including regular expressions or a group of regular expressions, which Acunetix WVS should use to recognize a rewritten URL. E.g. Details/(\d+) indicates that everything must be matched after the Details directory, as well as subsequent strings beginning with digits. In the Replace with input field, specify the URL Acunetix WVS should request instead of the rewritten URL. E.g. Mod_Rewrite_Shop/details.php?id=$1. The $1 will be replaced with the value retrieved from the first regular expression group specified in the Regular Expression input field, in this case (\d+). For example, if Acunetix finds this URL: Mod_Rewrite_Shop/Details/network storage d l
10. Screenshot of the Scan Results window for http://testphp.vulnweb.com: the alerts tree (SQL injection on artists.php and product.php, Apache 2.x version older than 2.0.61, backup files, application error message, PHPinfo page found, TRACE method is enabled, possible sensitive directories, login page password guessing attack, password type input with autocomplete enabled, broken links, GHDB, email address found; Network Alerts from the Port Scanner: open port 22 ssh, open port 80 http), the Attack details pane (URL encoded GET input artist was set to 1; error message found: supplied argument is not a valid MySQL result), and the How to fix this vulnerability pane (Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability). Activity Window: Web Scanner, Scanning 1 website(s).
11. Screenshot 34: The HTTP Sniffer. The HTTP Sniffer is a proxy server that enables you to capture and edit HTTP requests and responses exchanged between a web client (browser or other HTTP application) and a web server. The HTTP Sniffer can be used to manually crawl sections of a website that cannot be crawled automatically by Acunetix WVS. Using the HTTP Sniffer, sections of the website that cannot be crawled automatically can be loaded in a web browser for HTTP traffic to be captured in real time as various objects are clicked. The captured data can then be loaded into the Crawler and used to launch a scan. To capture live traffic, your web browser must be configured to proxy through the HTTP Sniffer, and then export the logs to
12. Affected Items: Organized by affected items on the website, with detailed specifics of the vulnerabilities found on each item.
   Developer Report: Used by developers of the website to easily fix discovered security issues.
   Executive Report: Useful for a management team to review a summary of a website's security status.
   Quick Report: A basic listing of single vulnerabilities per vulnerable file or affected parameter.
   Compliance Standard Report: Vulnerability reports designed to comply with regulatory and other standards bodies such as PCI DSS, OWASP and WASC.
   Scan Comparison Report: Allows a comparison with previous scans to easily determine if issues were fixed or not.
   Monthly Vulnerabilities Report: Statistical report of vulnerabilities found in scans from a given month.
   Generating a Report from the Scan Results. To generate a report, click on the Report button on the Acunetix toolbar at the top. This will start the Acunetix WVS Reporter. Screenshot: Acunetix WVS Reporter (scan of http://testphp.vulnweb.com, alert list and scan information).
13. Credentials will be saved and applied automatically to any path that is below the path you have defined here. If the path is a sub directory and not a file, add the trailing slash. Screenshot 14: HTTP Authentication.
   3. Enter the Username and Password. In the Host text box field, specify the main website URL, e.g. testphp.vulnweb.com. In the Path text box, specify the path where the credentials should be used, e.g. protected. Do not specify a path if the credentials are used site wide.
   HTTP authentication options. Don't ask for authentication automatically: By default, when a target website requires HTTP authentication during a crawl and scan, a window will automatically pop up allowing you to enter credentials. If this option is switched off, Acunetix WVS will continue crawling and scanning the website without authenticating, therefore protected website parts will not be crawled and scanned. Save new credentials to settings: With this option enabled, new credentials and the URL they were used for during a scan are automatically saved in the Acunetix WVS scanner settings for future use.
   Scanning a form based password protected area.
   1. Click New Login Sequence to launch the Login Sequence Recorder. Screenshot: Login Sequence Recorder (Set start URL). This wizard will guide you in creating a lo
14. Displays target site information fetched by the crawler, e.g. cookies, robots files and directories. Details window (right hand side): Displays general information about a file selected in the site structure window, e.g. filename, file path, etc. A series of tabs at the bottom of the Details window display further information about the selected object. It is also possible to load the results of a previously saved crawl or save the results of a completed crawl. If you use the option "choose files to be scanned" to select or deselect a number of these, the changes will also be saved along with the crawl results.
   Starting a Website Crawl. Click on the Tools > Site Crawler node. Enter the URL of the target website from where the crawler should start crawling, e.g. http://testphp.vulnweb.com. If you want to use a recorded login sequence during the crawl, select it from the Login Sequence drop down menu. Click on the start button to start the crawling process. If the website or any parts of it require HTTP authentication to be accessed, a pop up window will automatically appear for you to enter the correct credentials, unless they were already configured in the HTTP Authentication settings node. The site structure will be displayed on the left hand side. For each directory found, a node will be created, together with sub nodes for each file. The Site Crawler will also create a Cookies node which displays information about the cooki
15. If you are scanning a large number of websites, it is suggested to increase the number of parallel scans so their schedules do not overlap. The maximum number of parallel scans is 10 if you have the x10 instances license.
   Configuring Email notifications. Screenshot 42: Scheduler email notifications. In this section you can specify the settings for email notifications, such as SMTP server IP or FQDN, port, SMTP server authentication (optional) and the email address where notifications will be sent.
   Excluded hours templates. Screenshot 43: Excluded Hours Templates. In the Excluded Hours Templates section you can specify a range of hours to pause ongoing scans, e.g. if you do not want to scan your website during times of high traffic. Screenshot: Excluded Hours Template dialog.
16. Screenshot 10: Scan Wizard, Select Scan Type.
   2. Specify the website(s) to be scanned. The scan target options are: Scan single website: Enter the URL of a target website, e.g. http://testphp.vulnweb.com. Scan using saved crawling results: If you previously performed a crawl on a website, you can use the saved results to launch a scan instead of having to crawl the website again. Note: The Acunetix WVS Scheduler can be used to scan multiple websites at the same time, since it launches an instance of Acunetix WVS per each simultaneous scan. You can read more about the Acunetix WVS scheduler on page 73 of this manual.
   3. Click Next to continue.
   Step 2: Specify Scanning Profile, Scan Settings Template and Crawling Options. Screenshot: Scan Wizard, Options page (adjust crawling and scanning options). Scanning options: the scanning profile will enable or disable different tests or gr
17. WVS applications such as the Reporter. To create a new password, enter the password in the fields New Password and Confirm New Password. To remove password protection, enter the current password in the field Current Password and leave the other 2 fields blank.
   Scan Settings Templates. Scan Settings can be configured exclusively for a specific URL and saved as Scan Settings Templates. If you frequently need to scan multiple websites that require different settings, Scan Settings Templates can be recalled quickly and easily without the need of any reconfiguration. Screenshot: Scanning Options node (Configuration > Scan Settings, Default template).
18. about the vulnerability, such as source code line number, stack trace, affected SQL query, etc. Significantly reduces false positives when scanning a website, because it understands the behavior of the web application better. Can alert you of web application configuration problems which could result in a vulnerable application or expose sensitive information, e.g. if custom errors are enabled in .NET, this could expose sensitive application details to a malicious user. It can advise you how to better secure your web application and web server settings, e.g. if write access is enabled on the web server. Detects many more SQL injection vulnerabilities. Previously, SQL injection vulnerabilities could only be found if database errors were reported or via other common techniques. Ability to detect SQL injection vulnerabilities in all SQL statements, including in SQL INSERT statements. With a black box scanner such SQL injection vulnerabilities cannot be found. Ability to know about all the files present and accessible through the web server. If an attacker gains access to the website and creates a backdoor file in the application directory, the file will be found and scanned when using the AcuSensor Technology and you will be alerted. AcuSensor Technology is able to intercept all web application inputs and build a comprehensive list with all possible inputs in the website and test them. No need to write URL rewrite rules when scanning web applications which
19. all possible options you might be presented with:
   - If an error is encountered while connecting to the target server, you will be alerted with the complete details of the error.
   - If the target website is using Custom 404 error pages, they will be detected automatically, therefore no further action is required. If Acunetix WVS is unable to automatically detect a custom 404 error page and a pattern to recognize it automatically, you will have to configure a custom 404 error page rule by clicking the Customize button. You can read more about Custom 404 error pages from page 91 of the manual.
   - If the target server is using case insensitive URLs, you will also be alerted, with the option to force case insensitive crawling.
   - If AcuSensor Technology is enabled and the target server is PHP or .NET, you will be prompted with the option to configure AcuSensor technology. Click the Customize button to install AcuSensor on the target server. You can read more about AcuSensor on page 13 of this manual.
   - Acunetix WVS will also alert you if additional hosts have been discovered, i.e. other websites which your website links to. By default Acunetix WVS will not crawl and scan additional hosts (FQDNs) which are linked from your website. Tick the host(s) which Acunetix WVS should automatically crawl and scan.
   - If you have made changes to the Scan Settings template, you can also save the modifications to the existing or a new template. Refer to page 87 of this user manual to read
20. Screenshot 31: Directory and File Filter rules. To add a directory or file rule:
   1. Click the Add URL button and specify the address of the website where the directory or file is located.
   2. Click the Add Filter button and specify the directory or filename, a wild card or a regular expression. When specifying a directory, do not add a slash in front of the directory name. A trailing slash is automatically added to the end of the website URL.
   Note: Directory and file filters specified for the root or any other directory of a website are not inherited by their sub directories, therefore filters must be specified separately for sub directories, as shown in the screenshot above.
   URL Rewrite rules. Many web applications such as shopping carts, and off the shelf applications such as WordPress and Joomla, use URL rewrite rules. Acunetix needs to understand these rewrite rules in order to navigate and understand the website structure and actual files better, and to avoid crawling non-existent objects. Screenshot 32: URL Rewrite Configuration (URL Rewrite Editor with global rules for http://testphp.vulnweb.com). Adding a URL rewrite rule manually:
   1. Navigate to the Configuration > Scan Settings > Crawling Options > URL rewrite
21. Screenshot 3: WVS Scripting tool. The WVS Scripting tool allows you to create new custom web vulnerability checks. These checks must be written in JavaScript and require installation of the SDK. You can read more about writing custom web security checks from the following URL: http://www.acunetix.com/blog/docs/creating-vulnerability-checks/. You can download the scripting SDK from http://www.acunetix.com/download/tools/Acunetix_SDK.zip.
   Reporter. The Reporter allows you to generate reports of scan results in a printable format. Various report templates are available, including summary, detailed reports and compliance reporting. The Consultant Version of the WVS allows customization of the generated report. Screenshot 4: Typical WVS Report including Chart of alerts.
   New to Version 8 of Acunetix WVS:
   - New test method: manipulation of input parameters from URLs
   - Automatic IIS7 rewrite rule interpretation
   - Support for custom HTTP headers
   - Imperva Web Application Firewall integration
   - Detection of new vulnerability class: HTTP Parameter Pollution
   - Support for multiple instances of Acunetix WVS on the same workstation
   - Web based scheduler for e
22. instances of Acunetix WVS on the same computer. Therefore this edition gives you the ability to scan up to 10 websites simultaneously.
   Consultant Edition. The Consultant edition license allows you to install one copy of Acunetix on one computer to scan an unlimited number of sites or servers, including 3rd party sites, provided that you have obtained permission from the respective site owners. This is the correct edition to use if you are a consultant who provides web security testing services, a hosting provider or an ISP. The consultant edition also includes the capability of modifying the reports to include your own company logo. This edition does not leave any trail in the log files of the scanned server. Additional licenses are required for separate installs onto different workstations.
   Consultant Edition x10 instances. The ONLY difference between the Consultant Edition and the Consultant Edition x10 instances is that this edition of the Acunetix WVS Consultant allows you to run up to 10 instances of Acunetix WVS on the same computer. Therefore this edition gives you the ability to scan up to 10 websites simultaneously.
   Limitations of Evaluation Edition. The evaluation version of WVS, downloadable from the Acunetix website, is practically identical to the full version in functionality and features, but contains the following limitations:
   - Websites will be scanned only for Cross Site Scripting (XSS) vulnerabilities; only the Acunetix test websites will be scanned for a
23. path of the web application web.config file that contains the URL rewrite rules.
   2. Select the IIS URL Rewrite web.config node and specify the hostname of the website, e.g. www.acunetix.com, and the webserver directory, e.g. sales, on which the URL rewrite configuration is set.
   Note: Every Scan Settings template can have different crawler settings. Refer to page 87 of this user manual to read more on how to modify or create new Scan Settings templates.
   Custom Cookies. You can create a custom cookie which can be used during a website crawl to emulate a user or to automatically login to a section of the website without requiring the login recorder. To add a custom cookie:
   1. Navigate to the Configuration > Scan Settings > Custom cookies node.
   2. Click on the Add Cookie button to add a new blank cookie to the list.
   3. Enter the URL of the site for which the cookie will be used in the left hand URL column.
   4. Enter the custom string that will be sent with the cookie, e.g. if the cookie name is Cookie_Name and the content is XYZ, enter Cookie_Name=XYZ.
   5. Click Apply to save the changes.
   Traversing Web Form pages. Many websites include web forms that capture visitor data, like download forms. Acunetix WVS can be configured to automatically submit random data or specific values to web forms during the crawl and scan stages of a security audit. Note: By default Acunetix WVS uses a generic submit rule that will submit generic and random values to any kind of web
24. refer to page 17 of this manual. Custom Cookies: For more details on configuring custom cookies, refer to page 49 of this manual. Input Fields: For more details on configuring input fields, refer to page 49 of this manual. AcuSensor: For more details on configuring AcuSensor, refer to page 13 of this manual.
   Port Scanner. While scanning a website you can also choose to launch a port scan against the web server hosting the site. The port scanner will scan the web server using a specific list of ports. If a port is found to be open, the port scanner will identify what network service is running on that port and will launch a number of security checks specifically targeting the discovered network service. Therefore, if a DNS server is discovered, tests such as DNS open zone transfer and DNS open recursion are run against the network service. The Port Scanner configuration options are:
   - Number of sockets used for scanning: Specify the number of network sockets to be used by the Port Scanner module. The larger the number, the faster the scan will be, but it will also increase the load on the web server.
   - Connection timeout in seconds: Specify the timeout in seconds, i.e. if there is no response when trying to connect to a port within the specified number of seconds, the port will be considered closed.
   - List of scanned ports: The list of specified ports which the Port Scanner will check. Use the button to add a port and a description, and use the button to
25. remove selected ports from the list.

A list of open ports on the server will be displayed in the scan results under Knowledge Base > List of open TCP Ports in the Scan results window pane.

Note: The Network Alert Scripts (network security checks) are fully scriptable, thereby allowing you to write new ones. The Acunetix Web Vulnerability Scanner Network Alert scripting reference is available from the following URL: http://www.acunetix.com/vulnerability-scanner/scriptingreference/index.html

Custom 404 Error Pages

A 404 error page is the page that appears when a requested page is not found. In many cases, rather than returning an HTTP Status Code 404 (Not Found), websites return an HTTP Status Code of 200 (Success) and show a page formatted according to the look and feel of the website to inform the user that the page requested does not exist. Custom 404 error pages do not necessarily represent a server 404 error (Page not found), and therefore Acunetix WVS must be able to automatically identify these pages to detect the difference between a non-existent URL and a valid web page.

By default Acunetix WVS will automatically detect custom 404 pages and patterns to match them, therefore you do not need to configure Custom 404 Error Pages rules manually. In case you want to override the Acunetix WVS automatic detection, you can configure a custom error page rule by completing the following steps:

[Screenshot: Custom 404 error page rule dialog, with a pattern to match on http://testasp.vulnweb.com]
26. testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting and other exploitable hacking vulnerabilities. In general, Acunetix WVS scans any website or web application that is accessible via a web browser and uses the HTTP/HTTPS protocol.

Besides automatically scanning for exploitable vulnerabilities, WVS offers a strong and unique solution for analyzing off-the-shelf and custom web applications, including those relying on client scripts such as JavaScript, AJAX and Web 2.0 web applications.

Acunetix WVS is suitable for any small, medium sized and large organization with intranets, extranets and websites aimed at exchanging and/or delivering information with/to customers, vendors, employees and other stakeholders.

How Acunetix WVS Works

Acunetix WVS works in the following manner:
1. The Crawler analyzes the entire website by following all the links on the site and in the robots.txt file and sitemap.xml, if available. WVS will then map out the website structure and display detailed information about every file. If Acunetix AcuSensor Technology is enabled, the sensor will retrieve a listing of all the files present in the web application directory and add the files not found by the crawler to the crawler output. Such files usually are not discovered by the crawler as they are not accessible from the web server or not linked through the website. It also analyses hidden application files such as web.config.
2. Afte
27. the Site Crawler. You can read more about this process from the following URL: http://www.acunetix.com/blog/docs/manual-crawling-http-sniffer/

The HTTP Sniffer can also be used to analyze HTTP traffic and to trap particular POST or GET requests that can be changed on the fly, manually or automatically, to emulate a man in the middle attack.

Configuring the HTTP Sniffer

To start capturing traffic you must first configure your browser to use the Acunetix HTTP Sniffer as proxy server.

Mozilla Firefox
1. From the Tools drop down menu, select Internet Options.
2. Select LAN Settings from the Connections tab.
3. In the Connection section, click on Settings and tick Manual proxy configuration.
4. Set HTTP Proxy to 127.0.0.1 and Port to 8080.
5. If you also need to capture SSL traffic, configure the SSL Proxy to 127.0.0.1 and Port to 8080.
6. Click OK to save all options and close all configuration windows.

Internet Explorer

[Screenshot: Internet Explorer LAN Settings dialog, with "Use a proxy server for your LAN" ticked, Address 127.0.0.1 and Port 8080]

Click on the Connections tab and then click the LAN Settings button. Ti
28. the crawler will ignore any case difference in the links found on the website, e.g. Admin will be considered the same as admin.

Enable CSA (analyze and execute JavaScript/AJAX): The Client Script Analyzer (CSA) is enabled by default during crawling. This will execute JavaScript/AJAX code on the website to gather a more complete site structure.

Fetch external scripts: With this option enabled, the CSA engine will fetch all external resources linked through client scripts running on the target. The external resources will only be crawled and will not be scanned. If this option is not enabled and a client script uses external resources, the CSA engine will not be able to analyze the client script correctly, which might result in an incomplete crawl.

Fetch default index files (index.php, Default.asp): If this option is enabled, the crawler will try to fetch common default index filenames such as index.php, Default.asp for every folder, even if not directly linked.

Try to prevent infinite directory recursion: In certain website structures there is an uncommon probability that the scanner will start looping when trying to fetch the same directory recursively, e.g. images/images/images/images. Enabling this setting will instruct the scanner to try to prevent this situation by identifying repeated directory names in recursion.

Warn user if URL rewrite is detected: Enable this option to be notified if URL rewrite is detected during the crawl
29. use for this scan. Options available are Quick, Heuristic or Extensive.
Syntax: /ScanningMode=Quick|Heuristic|Extensive

TestWebAppsinAllDirs: Tests for well known web application vulnerabilities in all directories. Enable only if popular web applications are installed on the target website, such as Wordpress, Joomla etc.
Syntax: /TestWebAppsinAllDirs=True|False

ManipHTTPHeaders: Manipulate HTTP headers during scan.
Syntax: /ManipHTTPHeaders=True|False

UseAcuSensor: Enable AcuSensor technology for this scan. AcuSensor Technology sensor files must be installed on the target website.
Syntax: /UseAcuSensor=True|False

EnablePortScanning: Port scan target and run network alerts tests against target during web security scan.
Syntax: /EnablePortScanning=True|False

UseSensorDataFromCrawl: You can specify to use the AcuSensor data from a saved crawl to proceed with the scan, or to re-crawl the target.
Syntax: /UseSensorDataFromCrawl=Yes|No|Revalidate

Note: The only mandatory parameter is the scan URL. If no parameter is specified, the default graphical user interface settings will be used for the scan. If the target website uses HTTP authentication, HTTP credentials have to be specified in the Configuration > Settings > Application Settings > HTTP Authentication node in the Acunetix WVS user interface. Since with every set of HTTP credentials you also have to specify the URL, such crede
30. Acunetix Web Vulnerability Scanner

Web Vulnerability Scanner v8 User Manual, v1 2012

Information in this document is subject to change without notice. Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Acunetix Ltd.

Acunetix WVS is copyright of Acunetix Ltd. 2004-2012. Acunetix Ltd. All rights reserved.
http://www.acunetix.com
info@acunetix.com

Document version 8
Last updated: 15 February 2012
31. Blind SQL Injection: Blind SQL injection vulnerability checks only.

CSRF: Cross site request forgery vulnerability checks only.

Directory_and_File checks: A number of security checks related to files, such as text search and backup file checks, and directory checks such as directory listing etc.

empty: This profile may be used as a clean base to create other profiles.

File Upload: File upload form vulnerabilities only.

GHDB: Google hacking database security checks only.

High Risk Alerts: Web and network vulnerability checks which are considered as High Risk, such as SQL Injection and XSS.

Network Scripts: Network security checks only. If you would like to check if the network services are secured properly on the web server, use this scanning profile. Tests included are DNS cache poisoning, telnet brute force and much more.

parameter manipulation: All parameter manipulation attacks, such as SQL injection, XSS (Cross site scripting), Command execution etc.

SQL Injection: SQL injection vulnerability checks only.

Wordpress: Wordpress security checks.

Creating/Modifying Scanning Profiles

Creating a new Scanning Profile
4. Select the Empty scanning profile from the Profile drop down menu.
5. Check all the vulnerability checks (security checks) you would like to include in the scanning profile.
6. Click on the save button to save the profile.

Modifying a Scanning Profile
7. Select the scanning profile you would like to edit from the Profile dro
33. Enter the host name or IP address of the domain to be included in a crawl/scan and click the button to add the entry, e.g. when scanning testphp.vulnweb.com there are links which link to www.acunetix.com.

Note: Hostnames can be specified using wildcards, e.g. *.domain.com, which includes all websites with a suffix of domain.com, such as sales.domain.com. A question mark can also be used as a wildcard, e.g. host?.domain.com would include all websites with one character added after host, such as host1.domain.com.

Headers and Cookies

In this node you can configure all the options related to manipulation of HTTP Headers and Cookies. The options are:
• Test cookies for all files: By default Acunetix WVS will only try to manipulate cookie data and use it against files that contain GET and POST parameters. If this option is enabled, Acunetix WVS will also try to use manipulated cookie data against static files.
• Manipulate the HTTP headers below: A number of Acunetix WVS security checks try to manipulate HTTP headers. This section lists the HTTP headers Acunetix WVS will try to manipulate during a scan. If you are testing a web application that uses other custom HTTP headers that you would like to test, you can add them to this list by clicking on the button. Use the button to remove the highlighted header from the list. By un-ticking the Manipulate the HTTP headers listed below option you will disable all HTTP header manipulation tests. Pa
34. [Screenshot 29: The crawler tool interface, showing the site structure of http://testphp.vulnweb.com in the left hand pane (file status, e.g. OK, Forbidden, Not Found) and the Info, Referrers, HTTP Headers, Inputs, View Source and View Page tabs in the right hand pane]

The interface of the Crawler tool consists of:
• Site structure window (left hand side)
36. [Screenshot 53: The HTTP Editor, showing a POST request to search.php on testphp.vulnweb.com with the Request Headers, Request Data, Response Headers, Response Data, View Page and HTML Structure Analysis tabs]

The HTTP Editor allows you to create, analyze and edit client HTTP requests and server responses. This allows you to further fine tune attacks and confirm if vulnerabilities
38. TP headers of the request sent to the web server to retrieve the selected file and the HTTP response headers received.
• Inputs: Possible input parameters and values for the file.
• View Source: The source HTML of the page.
• View Page: The page is displayed as it is shown in a web browser. Most client side scripts are disabled in this tab to avoid launching vulnerabilities against the computer on which Acunetix WVS is running.
• HTML Structure Analysis: HTML structure information, such as:
  - A list of links discovered on the file.
  - Comments discovered in the selected object. The information contained in the comments cannot be automatically analyzed, but may reveal interesting information about the construction and coding of the website.
  - Any client side scripts (JavaScript, VBScript etc.) and their source code discovered in the selected object. The client web browser will execute these scripts. Such information might reveal information about the logic of the web application.
  - Any forms discovered in the selected object are shown in the top window. A list of parameters and their possible values are shown in the middle and bottom window.
  - A list of META tags discovered in the selected object. META tags contain information about the website, e.g. the description and keywords META tags used by search engines. META tags with an HTTP-EQUIV attribute are equivalent to HTTP headers. Typically such META tags control the action of browsers and may be used to refine the i
39. The Basic Options allow you to specify what targets to scan as well as the scan recursion. The recursion option gives you the option to configure the Scheduler to run a scan Once, Every Day, Every Week, Every Month or Continuous. Set a specific day number if the schedule is set to weekly or monthly, e.g. 2nd day of the week or 21st day of the month.

Scheduled Scan Advanced Options

[Screenshot 47: Acunetix Scheduler Advanced options (Scanning profile: Default, Login sequence, Scan settings: Default, Scan mode: Heuristic, Excluded hours: none)]

The Advanced Options allow you to configure:
• Scanning Profile
• Login Sequence
• Scan Settings template
• Scan Mode
• Excluded Hours Template

Scheduled scan results and reports

[Screenshot 48: Acunetix Scheduler Scan results and Reports (Save scan results to database, Save scan logs, Generate report, Report format: REP, Extra parameters for reporter)]

In this section you can specify to save the scan results to the reporting database, save the scan logs and generate a report. You can also specify in which format you want the report to be generated. In addition, the Extra parameters for reporter field allows you
40. agement Tools > IIS6 Management Compatibility > IIS 6 Metabase Compatibility to enable listing of all .NET applications running on the server.

[Screenshot 6: Acunetix .NET AcuSensor Injector installation (installation directory C:\Program Files\Acunetix\AcuSensorInjector, options to create shortcuts and start the application after installation)]

1. Double click Setup.exe to install Acunetix .NET AcuSensor and specify the installation path. The application will start automatically once the installation is ready. If the application is not set to start automatically, click on Acunetix .NET AcuSensor Technology Injector from the program group menu.

[Screenshot 7: Acunetix .NET AcuSensor Technology Injector, listing the applications to inject/uninject, the Target Runtime (.NET Framework version 2.0) and the Inject Selected / Uninject Selected buttons]

2. On start up, the Acunetix .NET AcuSensor Technology Injector will retrieve a list of .NET applications installed on your server. Select which applications you would like to inject with AcuSensor Technology and select the Framework version from the drop down menu. Click on Inject Selected to inject the AcuSensor Technology code in the
41. ane contains the results of the second scan. The middle column shows icons indicating the comparison result for the items in that line, based on the following indicators:
• There are no changes.
• This item was added in the new version.
• This item was deleted from the new version.
• This item was changed in the new version.

Click on the result icon in the middle column to display the details in the window below the comparison. These details show the changes detected between the two scans, such as the number of items detected and the items that have been added or deleted.

9 Scanning Web Services

Introduction

Web Services, like any other internet dependent systems, present new exploit possibilities and increase the need for security audits. The Web Services Scanner performs automated vulnerability scans for Web Services and generates a detailed security report of the results.

[Screenshot: The Web Services Scanner, scanning WSDL URL http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL, with the Alerts summary showing the Service ServiceSoap12 and ServiceSoap GetUserInfo operations and Acunetix Threat Level 3 (High)]
42. applications are custom made and therefore involve a lesser degree of testing than off-the-shelf software. Consequently, custom applications are more susceptible to attack.
• Various high profile hacking attacks have proven that web application security remains the most critical. If your web applications are compromised, hackers will have complete access to your backend data even though your firewall is configured correctly and your operating system and applications are patched repeatedly.

Network security defense provides no protection against web application attacks, since these are launched on port 80 (default for websites), which has to remain open to allow regular operation of the business. For the most comprehensive security strategy it is therefore imperative that you regularly and consistently audit your web applications for exploitable vulnerabilities.

The need for automated web application security scanning

Manual vulnerability auditing of all your web applications is complex and time consuming. It also demands a high level of expertise and the ability to keep track of considerable volumes of code and of all the latest tricks of the hacker's trade. Automated vulnerability scanning allows you to focus on the more challenging issue of securing your web applications from any exploitable vulnerability that jeopardizes your data.

Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security
43. asy access of scan results on any workstation, laptop or smartphone
• Automatic custom 404 error page recognition and detection
• Scan Settings Templates
• Simplified Scan Wizard
• Smart memory management options
• Real time Crawler status update
• Scan termination status included in report
• Web application coverage report
• Log file retention settings

Acunetix training and Support

Acunetix publishes a number of web security and Acunetix how-to technical documents on the Acunetix Web Application Security Blog: http://www.acunetix.com/blog

You can also find a number of support related documents, such as FAQs, in the Acunetix WVS support page: http://www.acunetix.com/support

Licensing Acunetix

Acunetix Web Vulnerability Scanner (WVS) is available in 5 editions: Small Business, Enterprise, Enterprise x10 instances, Consultant and Consultant x10 instances. Ordering and pricing information can be found here: http://www.acunetix.com/ordering/pricing.htm

Perpetual or Time Based Licenses

Acunetix WVS Enterprise and Consultant editions are sold as a one year or perpetual license. The 1 year license expires after 1 year from the date of activation. The perpetual license does not expire. The Small Business version is available as a perpetual license only. If you purchase the perpetual license, you must buy a maintenance agreement to get free support and upgrades beyond the first month after purchase. The maintenance agreement enti
44. at delimited by

To find out what parameters are available for each type/report template, use the following syntax:
reporter_console.exe /r ReportTemplate

Syntax: /r reporttemplate /p parameter=True|False
Usage Example: /r WVSSingleScan.rep /p ShowHTTP=False

Scan identifiers from the database to use as a report source. From the Acunetix WVS reporter, in the Configuration > WVS Database node, you can find the ID for each scan stored in the reporting database. The identifier can be one integer for a single target template, or two integers for comparison templates, delimited by the same separator. It can also be omitted for reports without a specific scan target. For single scan templates you can use "last" as target to indicate the last saved scan from the database.
Syntax: /t reportID
Example: /t 24

11 The Scheduler

Introduction

The Scheduler application allows you to schedule scans at a convenient time without requiring Acunetix WVS or the Acunetix WVS Scheduler Interface to be running.

Configuring the Scheduler service

The Acunetix Scheduler has a web based interface that can be configured through the Acunetix WVS application settings. To access the Scheduler service settings, navigate to the Configuration > Application Settings > Scheduler node.

Configuring the Scheduler web interface

[Screenshot: Scheduler web interface settings (Listen on port 8181, http://localhost:8181, Allow remote computers to connect, Use HTTPS, Change administra...)]
45. 1 Introduction to Acunetix Web Vulnerability Scanner

Why You Need To Secure Your Web Applications

Website security is possibly today's most overlooked aspect of securing the enterprise and should be a priority in any organization. Increasingly, hackers are concentrating their efforts on web based applications: shopping carts, forms, login pages, dynamic content etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the attacked sites. A victim's website can be used to launch criminal activities such as hosting phishing sites or to transfer illicit content, while abusing the website's bandwidth and making its owner liable for these unlawful acts. Hackers alr
46. [Screenshot 49: Authentication Tester, showing the password list path under C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\Data\General]

More information about the Authentication Tester can be found here: http://www.acunetix.com/blog/docs/authentication-tester/

Login Sequence Recorder

The Login Sequence Recorder can be used to perform a number of tasks during a crawl and a scan:
• To configure Acunetix WVS to access a form based password protected section
• To create a pre-defined crawling sequence, such as a shopping cart
• To mark pages that require human/manual intervention each time they are accessed, such as pages with CAPTCHA, One Time password, Two Factor authentication etc.

Creating or editing login sequences
1. Navigate to Configuration > Application Settings > Login Sequence Manager.
2. In this configuration screen you can create or edit the login sequences used by Acunetix WVS to access website areas protected by form based authentication. Login sequences allow Acunetix WVS to replicate all events that are manually performed to access the area secured by a login page.
3. Click on the button to open up the Login Sequence Recorder. Enter the URL of the website and click on Next. One can also click Check URL to confirm that the URL entered is reachable from the Acunetix Login Sequence Recorder.
4. Record the login sequence. For more information, refer to the section Scanning a form based password protected area on page 26 in this user manual.
47. attern can be found in the body of the custom error page.
• Result: The defined pattern can be found in both the header and body of the custom error page.

You can also generate such a pattern automatically:
1. Enter the website's URL in the Browse URL input field and click GO. The browser will request non-existing URLs to trigger the Custom 404 error page.
2. Highlight the unique text from the custom error page.
3. Click Generate pattern from selection.

Scanning Profiles

The scanning profiles enable you to specify which type of vulnerability checks (e.g. XSS, SQL Injection) you would like to run on your website. From the Configuration > Scanning Profiles node in the Tools Explorer window pane you can create or edit scanning profiles, including the default set.

Default Scanning Profiles

A number of default scanning profiles are included with Acunetix WVS. Below is a list of all the scanning profiles and a summary of the security checks they perform. For a detailed list of the vulnerability checks that are included in each scanning profile, navigate to the Configuration > Scanning Profiles node in the Tools Explorer and select the profile name from the Profile drop down menu. The tests selected with a checkbox will be launched when the scanning profile is used.

Profile: Description

default: All vulnerability types.

AcuSensor: Security checks related to AcuSensor Technology, such as directory traversal, file tampering etc.
Screenshot 23 - Scan Result and Information window

In the Crawler results Site Structure node, color codes are used to show different file statuses. The filename color coding is as follows:
- Green: These files will be tested with AcuSensor Technology, resulting in more advanced security checks and fewer false positive alerts. From the AcuSensor data tab the user can see what data related to these files is being returned from the AcuSensor. Such information is useful if a user wants to know what SQL queries were executed or if the file in question is using some functions which are monitored.
- Blue: File was detected during a vulnerability test and not by the crawler. Most probably such files are not linked from anywhere on the target website.
- Black: Files discovered by the crawler.

For every discovered item, more detailed information is available in the information pane on the right-hand side:
- Info: Generic information such as file name, page title, path length, URL, etc.
- Referrers: The files or pages that linked to the tested file.
- HTTP Headers: The HT
...check the option "Use a proxy server for your LAN". In the Address input field enter 127.0.0.1 and enter 8080 in the Port input field. If you also need to capture SSL traffic, click on the Advanced button and in the Secure input field enter 127.0.0.0 as proxy address and 8080 as port number.
6. Click on OK to save all settings and close all configuration windows.

Google Chrome

Google Chrome uses Internet Explorer's proxy server settings. Therefore, to use Google Chrome, follow the procedure above and configure Internet Explorer.

Note: By default the HTTP Sniffer proxy server listens on localhost (127.0.0.1) and port 8080. This limits the capturing of traffic to web clients running on the same machine. The HTTP Sniffer options in Acunetix WVS can be accessed from the Configuration > Application Settings > HTTP Sniffer node. You can set the HTTP Sniffer to listen on all interfaces so web client applications running on other machines can proxy traffic through the HTTP Sniffer for analysis. The HTTP Sniffer port can also be configured.

Capturing HTTP traffic

To capture HTTP traffic:
7. Go to the Tools > HTTP Sniffer node.
8. Click on the Start button to enable the HTTP Sniffer. All HTTP requests and responses will be listed in the main window.
Click on a request or response to view the complete details. All the requests/responses will be displayed in the lower window pane. Click Stop when browsing is c
...be saved in the location specified by the savefolder switch. Syntax: exportxml

exportavdl: Exports results in AVDL format. The file will be saved in the location specified by the savefolder switch. Syntax: exportavdl

savetodatabase: Saves scan results to the reporting database. If this option is not specified, reports cannot be generated after the scan unless scan results are manually imported into the reporting database. Syntax: savetodatabase

savelogs: Saves scan log files to a non-default location. The file will be saved in the location specified by the savefolder switch. Syntax: savelogs

generatereport: Generates and saves the scan report to a directory. The file will be saved in the location specified by the savefolder switch. Syntax: generatereport

ReportFormat: Generates the report in one of the specified formats (REP, PDF, RTF, HTML, etc.). Syntax: ReportFormat format. Example: ReportFormat PDF

ReportExtraParams: Here you can specify extra parameters for the Reporter, such as report template, compliance type, etc. See the section "Acunetix Reporter CLI reference" on page 68 for more information on this parameter, or else type reporter_console.exe for more information. Syntax: ReportExtraParams parameter value. Example: ReportExtraParams r WVSComplianceReport.rep k PCI12.xml

sendmail: Sends an email alert that the scan is finished to the user, using the details c
...where the local WSDL file is stored. Click Import to import all WSDL information.
2. From the drop-down menus in the toolbar, select the Service, Port and Operation that must be tested.
3. Specify a value for the operation and click Send to pass the SOAP request to the web service. The web server response can then be viewed in a structured or XML view type in the lower window pane.

Response Tab: Displays the response sent back from the web service in raw XML format.

Structured Data Tab: Presents the XML data received from the web service response by showing the elements in a hierarchy of nodes that show the value for each element.

WSDL Structure Tab: Presents a detailed view of the web service data as provided by the WSDL structure. The WSDL information is structured in the form of nodes and sub-nodes, and the main nodes of the tree structure are XML Schema and Services. The XML Schema node lists all the ComplexTypes and the Elements of the web service. The Services node lists all the web service ports and their respective operations, together with the resource details of the source of the SOAP data. A more detailed WSDL structure can also be shown by ticking the "Show detailed WSDL structure" option at the bottom of the screen. This will provide extensive information for each sub-node of the Services node structure, such as input messages and parameters.

WSDL Tab: This tab shows the actual WSDL data in the form of XML tags. Using the toolbar provided at the bottom
...the scanner will launch an extensive amount of security checks against the website. This scanning mode should only be used for specialized security audits, since it can take a considerable amount of time to finish.
- Limit crawl recursions to X iterations: After a site is crawled and vulnerability scanning has started, the scanner can still discover new objects for which a new crawl will be started. This is called an iteration. Configure the maximum number of crawl iterations that can happen during a website scan.
- Enable Port Scanning: Enable this option to port scan the web server on which the target website is hosted during a web security scan by default. For more information about the Port Scanner and Network Alerts, refer to page 6 of this manual.
- Collect uncommon HTTP Requests: Acunetix WVS can report any uncommon server response that might include sensitive data, such as internal server errors. These alerts are reported under the Knowledge Base node in the Scan Results window.
- Abort Scan if the server stops responding: Configure the maximum number of network errors the scanner must encounter before completely aborting the scan.
- List of hosts allowed: By default Acunetix WVS will not crawl links outside the target URL. However, some links on some websites link to external locations outside the target URL and may require being included in the scan. Configure Acunetix WVS to include and follow these links in the "List of hosts allowed" field.
...already have a wide repertoire of attacks that they regularly launch against organizations, including SQL Injection, Cross-Site Scripting, Directory Traversal Attacks, Parameter Manipulation (e.g. URL, Cookie, HTTP headers, web forms), Authentication Attacks, Directory Enumeration and other exploits. Moreover, the hacker community is very close-knit; newly discovered web application intrusions are posted on a number of forums and websites known only to members of that exclusive group. These are called Zero-Day exploits. Postings are updated daily and are used to propagate and facilitate further hacking.

Web applications (shopping carts, forms, login pages, dynamic content and other bespoke applications) are designed to allow your website visitors to retrieve and submit dynamic content, including varying levels of personal and sensitive data. If these web applications are not secure, then your entire database of sensitive information is at serious risk. A Gartner Group study reveals that 75% of cyber attacks are done at the web application level.

Why does this happen?
- Websites and web applications are easily available via the internet 24 hours a day, 7 days a week, to customers, employees, suppliers and therefore also hackers.
- Firewalls and SSL provide no protection against web application hacking, simply because access to the website has to be made public.
- Web applications often have direct access to backend data such as customer databases.
- Most web
Screenshot 54 - SQL Injector

The Blind SQL Injector is an automated database data extraction tool. By importing SQL injections discovered when scanning a website, you can test the impact an SQL injection can have on the website. With the Blind SQL Injector tool you can also run manual tests to check for different variants of SQL injection. You will also be able to enumerate databases, tables, dump data and also read specific files on the file system of the web server, depending on the severity of the vulnerability. Using this tool you can also run custom SQL Select queries against the database. More information about the Blind SQL Injector can be found here: http://www.acunetix.com/blog/docs/blind-sql-injector-tool

13 Advanced Configuration

Application Settings

Acunetix WVS configuration settings can be accessed from the Configuration > Application Settings node in the Tools Explorer window pane.
...where it fails to do so automatically. The crawler will update the website structure with the newly discovered links and pages.
- Get first URL only: Scan only the index or first page of the target site and do not crawl any links.
- Do not fetch anything above start folder: By enabling this option the crawler will not traverse any links that point to a location above the base link. E.g. if http://testphp.vulnweb.com/wvs/ is the base URL, the crawler will not crawl to links which point to a location above the base URL, like http://testphp.vulnweb.com/.
- Fetch files below base folder: By enabling this option the crawler will follow links that point to locations outside the base folder. E.g. if http://testphp.vulnweb.com/ is the base URL, it will still traverse the links which point to an object which resides in a sub-directory below the base folder, like http://testphp.acunetix.com/wvs/. With this option disabled the crawler will not crawl any objects from the root's sub-directories.
- Fetch directory indexes even if not linked: When enabled, the crawler will try to request the directory index for every discovered directory, even if the directory index is not directly linked from another source.
- Retrieve and process robots.txt, sitemap.xml: By enabling this option the crawler will search for a robots.txt or sitemap.xml file in the target website and follow all the links specified if robots or sitemap are detected.
- Ignore CASE differences in paths: By enabling this option
...used. Once a crawl is complete you can specify which of the crawled files should be scanned for vulnerabilities. By default all files are scanned.

Crawler options

Screenshot 30 - Site crawler options

Crawler configuration settings can be modified by navigating to Configuration > Scan Settings > Crawling. The following Site Crawler options are available:
- Start HTTP Sniffer for manual crawling at the end of the scan process: This option will start the HTTP Sniffer at the end of the crawl to allow manual crawling, by enabling the user to browse to parts of the site that were not discovered by the crawler. Typically the Acunetix WVS crawler is able to crawl every web application, though there are some specific scenarios w
...following compliance bodies:
- The Health Insurance Portability and Accountability Act (HIPAA)
- OWASP Top 10
- Payment Card Industry (PCI) standards
- Sarbanes-Oxley Act of 2002
- Web Application Security Consortium (WASC) Threat Classification
- NIST Special Publication 800-53
- DISA STIG Web Security

Scan Comparison Report

Screenshot 28 - Comparison Report

The Scan Comparison Report allows the user to track the changes between two scan results for the same application. This report will document resolved and unchanged vulnerabilities and new vulnerability details, with a style that makes it easy to periodically track development changes for a web application.

Monthly Vulnerabilities Report

These reports allow you to gather vulnerability information from the results database and present periodical vulnerability statistics, allowing developers and management to track security changes and to compile trend analysis reports.

Customizing the Report Layout

The Reporter settings allow you to configure the layout and style of the generated reports. To access the report settings, navigate to the Configuration > Settings node in the Reporter Tools Explorer.

Report Options

This configuration node consists of 2 sections that can be used to customize the layout, titles and images in the headers of the report.

General Settings: Configure the default report template for generating a report.

Report O
...form encountered during a crawl or scan.

To specify a list of pre-defined values that must be automatically entered on a web form or web service:
1. Navigate to the Configuration > Scan Settings > Input Fields node.
2. Enter the URL of the webpage or web service containing the specific form or list of operations to which pre-defined values must be passed, and click the Parse from URL button.
3. The resulting list will then be automatically completed with the form fields found in the given URL.
4. Enter the values for the required fields by double-clicking the respective value column. Click Apply to save changes.
5. Input fields also support wildcards to match a broad range of data. Below you can find a number of examples:
   - cus: used to match any number of characters before and after the pattern cus
   - cus: used to match any number of characters before the pattern cus
   - cus: used to match any number of characters after the pattern cus
   - cus: used to match a single character before the pattern cus
   - c us: used to match a single character as the second character in the pattern specified
6. Alternatively, you can configure Acunetix WVS to automatically randomize the values for each input field by entering the bolded variable names below in the parameter's value field:
   - alpharand: Automatically submit random alphabetical characters (a-z)
   - numbrand: Automatically submit random numeric characters (0-9)
   - fal
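The wildcard symbols in the five examples above did not survive extraction on this page, so the following added example (not Acunetix code) assumes the conventional glob symbols: `*` for any run of characters and `?` for exactly one character. It resolves each discovered form field against an ordered rule table, with `alpharand` and `numbrand` expanded to random values as the text describes. The rule table, the field names and the helper names (`match_rule`, `values_for`, `resolve_value`) are constructed for this example, and "first matching rule wins" is this example's choice, not a documented property of the product.

```python
"""Resolving form-field values from wildcard rules, as the Input Fields
options describe. Added example, not Acunetix code.

Assumptions (labelled): '*' matches any run of characters, '?' exactly one;
rules are tried in order and the first match wins; 'alpharand' and
'numbrand' are expanded to random letters / digits of a fixed length.
"""
import fnmatch
import random
import string

# Constructed rule table: (field-name pattern, value to submit).
# Specific patterns are listed before broad ones on purpose: a broad
# "*cus*" placed first would shadow every other "cus" rule.
RULES = [
    ("c?us*", "second-char-rule"),  # one arbitrary character in 2nd position
    ("?cus", "one-before"),         # exactly one character before "cus"
    ("*cus", "any-before"),         # any characters before "cus"
    ("cus*", "any-after"),          # any characters after "cus"
    ("*cus*", "any-around"),        # any characters before and after "cus"
    ("zip", "numbrand"),            # random digits, as the manual describes
    ("nick*", "alpharand"),         # random letters
]

# Randomising variables: value name -> generator(rng, length).
RANDOMIZERS = {
    "alpharand": lambda rng, n: "".join(rng.choice(string.ascii_lowercase) for _ in range(n)),
    "numbrand": lambda rng, n: "".join(rng.choice(string.digits) for _ in range(n)),
}


def match_rule(field_name, rules=RULES):
    """Return the (pattern, value) of the first rule matching the field name,
    or None. fnmatchcase keeps the comparison case-sensitive."""
    for pattern, value in rules:
        if fnmatch.fnmatchcase(field_name, pattern):
            return pattern, value
    return None


def resolve_value(value, rng, length=8):
    """Expand a randomising variable name; any other value is used literally."""
    generator = RANDOMIZERS.get(value)
    return generator(rng, length) if generator else value


def values_for(field_names, rules=RULES, rng=None):
    """Map each field that has a matching rule to the value to submit.
    Fields without a rule are left out, mirroring a form where only some
    inputs are pre-filled."""
    rng = rng or random.Random()
    filled = {}
    for name in field_names:
        hit = match_rule(name, rules)
        if hit:
            filled[name] = resolve_value(hit[1], rng)
    return filled


if __name__ == "__main__":
    # Constructed field names as a crawler might parse them from a form.
    fields = ["customer", "focus", "ocus", "discussion", "cxus", "zip", "nickname", "email"]
    for field, value in values_for(fields, rng=random.Random(0)).items():
        print(f"{field:12s} <- {value}")
```

Running it shows why ordering matters in such a table: "customer" is only reached by `cus*` because the earlier, narrower rules do not match it, while "discussion" falls through to the broad `*cus*` rule.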
...login sequence which the Crawler will use to successfully log in to your web application and crawl it.

Please note that in order to record a successful login sequence, the wizard has to delete any cookies associated with the website or web application you specified in the URL field above. If you do not want such cookies to be deleted, press Cancel to exit this wizard now.

The Login Sequence Recorder can also be used to configure the crawler to crawl a web application in a pre-defined manner, such as a shopping cart. To configure the crawler to crawl a web application in a pre-defined manner, crawl the web application in the second step of this wizard (Record Login Actions) and do not configure In-session details in the fourth step of this wizard.

Screenshot 15 - Login Sequence Wizard

2. Enter the URL of the website for which you would like to record a login sequence. By default the URL of the target website is automatically populated. Click Next to proceed.
...that contribute to the auditing process.
- Web Services: Tools for auditing web services.
- Configuration: Information and licensing, technical support and purchasing information.

Screenshot 2 - Acunetix Web Vulnerability Scanner

Web Scanner

The Web Scanner launches an automatic security audit of a website. A website security scan typically consists of two phases:
1. Crawling: the Crawler automatically crawls and analyzes the website and then builds a site structure.
2. Scanning: Acunetix WVS launches a series of web vulnerability checks against the website or web application, in effect emulating a hacker.

The results of a scan are displayed in the Alert Node tree and include comprehensive details on all the vulnerabilities found within the website.

AcuSensor Technology Agent

Acunetix AcuSensor Technology is a unique technology that allows yo
...the scan was aborted by the user.

Screenshot 26 - Default Generated Report from Scan Results

To generate a report:
1. Select the type of report template you would like to generate and click on Report Wizard to launch a wizard to assist you in generating the report.
Screenshot 56 - Scan Settings templates

Creating, modifying or deleting Scan Settings templates

To create a new Scan Settings template, click the button and specify a name for the new Scan Settings template. To delete an existing Scan Settings template, select it from the Template drop-down menu and click the button. To modify an existing Scan Settings template, select it from the Templates drop-down menu, make the necessary changes and then click Apply. Below is a detailed list of all the options available for each Scan Settings template.

Scanning Options
- Disable Alerts generated by crawler: Select this option to disable crawler-related alerts, such as broken links, file inputs and files which thei
Screenshot 5 - AcuSensor Deployment settings node

1. Navigate to the Configuration > Settings node in the Tools Explorer. Click on the AcuSensor Deployment node.
2. Enter a password or click on the padlock icon to randomly generate a password unique to the AcuSensor file.
3. Specify the path where you want the AcuSensor files to be generated.
4. Furthermore, you can choose to generate files for a PHP website, .NET website or both by ticking the options available. By default an AcuSensor file will be generated for both PHP and .NET.
5. Click on Generate AcuSensor Installation Files, and an explorer window will automatically open showing the generated AcuSensor files.

Installing AcuSensor agent for .NET

1. Locate the AcuSensor installation files for the website where the AcuSensor will be injected. Copy Setup.exe to the remote server hosting the target website.
2. Install Prerequisites: The AcuSensor injector application requires Microsoft .NET Framework 3.5. On Windows 2008 you must also install IIS 6 Metabase Compatibility from Control Panel > Turn Windows features On or Off > Roles > Web Server (IIS) > Man
...specify a database name in the Database text box. If the database does not exist, it will be automatically created. If the database specified already exists, you will be prompted with a confirmation to overwrite the current database structure and data.

Note: To create a new database, a user with SQL Administrator privileges must be specified. If an existing database is specified, a user with Administrator privileges on the specified database ONLY is required. Once the database is created, a user account with only read and write permissions can be used to access the database.

It is also possible to import a database configuration file. Select Import Database Configuration and select a dbconfig file generated by the Acunetix Enterprise Reporter to automatically import SQL database settings.

6 Site Crawler Options

Introduction

The Site Crawler analyses a target website and builds the site structure using the information collected, including the site's directories and files (objects). You can also use the Site Crawler tool to analyze the structure of a website without automatically launching the attacks.
Screenshot 21 - Scan Result and Information window

Web Alerts node

The Web Alerts node displays all vulnerabilities found on the target website. Web Alerts are categorized according to 4 severit
...ing or sorting. From this report you can have a generic idea of what type of vulnerabilities can be exploited on your website.

Compliance Reports

Screenshot 27 - Compliance Report

The compliance feature allows you to generate reports based on various compliance standard specifications. An easy-to-use wizard will prioritize and report specific vulnerabilities according to the standardized format as specified by the
...ing stage of a scan.
- Ignore parameters on file extensions like .js, .css etc.: When enabled, Acunetix WVS will not scan parameters on files which are not typically accessed directly by a user, such as .js, .css etc.
- Disable auto custom 404 detection: By default Acunetix WVS will automatically try to detect custom 404 error pages and detect a recognition pattern. With this option enabled, Acunetix WVS will not automatically detect 404 error pages, thereby requiring 404 recognition patterns to be configured manually. You can read more about Custom 404 Error Page rules from page 91 of this manual.
- Consider www.domain.com and domain.com as the same host: If this option is enabled, Acunetix WVS will scan both sites (www.domain.com and domain.com) and treat them as one instead of separate hosts.
- Maximum number of variations: In this option you can specify the maximum number of variations for a file. E.g. index.asp has a GET parameter ID of which the crawler discovered 10 possible values from links requesting the page. Each of these links is considered a variation and each variation will appear under the file in the Scan Tree during crawling.
- Link Depth Limitation: This option allows you to configure the maximum number of links to crawl from the root URL.
- Structure Depth Limitation: This option allows you to configure the maximum number of directories to crawl from the root URL.
- Maximum number of sub-directories: This option allows you to configure the maximum number
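The crawler scope options described on this page ("Do not fetch anything above start folder", "Fetch files below base folder", "Ignore CASE differences in paths", "List of hosts allowed", "Consider www.domain.com and domain.com as the same host", and "Ignore parameters on file extensions like .js, .css") interact, and the easiest way to see how is to put them into one filter. The following is an added example, not Acunetix code: it decides whether a discovered link is in scope and under which canonical key it would be recorded. The option names, their defaults, the `CrawlOptions`/`crawl_key` helpers and the `*.example.com` wildcard form for allowed hosts are this example's assumptions; the sample URLs use the manual's own testphp.vulnweb.com examples.

```python
"""Crawl-scope filter for the Site Crawler options described in the text.
Added example, not Acunetix code; option names, defaults and the "*.host"
wildcard form are assumptions made for this example.
"""
import posixpath
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class CrawlOptions:
    not_above_start_folder: bool = True     # "Do not fetch anything above start folder"
    fetch_below_base_folder: bool = True    # "Fetch files below base folder"
    ignore_case_in_paths: bool = False      # "Ignore CASE differences in paths"
    www_same_host: bool = True              # "Consider www.domain.com and domain.com as the same host"
    hosts_allowed: tuple = ()               # "List of hosts allowed"; "*.x.com" assumed as wildcard form
    skip_params_on_ext: tuple = (".js", ".css")  # "Ignore parameters on file extensions like .js, .css"


def _host_key(host, opts):
    """Canonical host name: lower-case, and without 'www.' when that option is on."""
    host = host.lower()
    if opts.www_same_host and host.startswith("www."):
        host = host[4:]
    return host


def _host_allowed(host, base_host, opts):
    if _host_key(host, opts) == _host_key(base_host, opts):
        return True
    for allowed in opts.hosts_allowed:
        allowed = allowed.lower()
        if allowed.startswith("*.") and host.endswith(allowed[1:]):
            return True
        if host == allowed:
            return True
    return False


def _folder(path):
    """Directory part of a URL path, always ending in '/'."""
    if path.endswith("/"):
        return path
    directory = posixpath.dirname(path)
    return directory if directory.endswith("/") else directory + "/"


def crawl_key(url, base_url, opts=CrawlOptions()):
    """Return the canonical key under which `url` would be crawled, or None
    when the options place it out of scope."""
    u, b = urlsplit(url), urlsplit(base_url)
    if u.scheme not in ("http", "https") or not u.netloc:
        return None
    host, base_host = u.hostname or "", b.hostname or ""
    if not _host_allowed(host, base_host, opts):
        return None
    path, base_folder = u.path or "/", _folder(b.path or "/")
    if opts.ignore_case_in_paths:
        path, base_folder = path.lower(), base_folder.lower()
    # Folder restrictions only make sense for the target site itself;
    # an explicitly allowed external host has no base folder to respect.
    if _host_key(host, opts) == _host_key(base_host, opts):
        if opts.not_above_start_folder and not path.startswith(base_folder):
            return None
        if not opts.fetch_below_base_folder and _folder(path) != base_folder:
            return None
    query = u.query
    if posixpath.splitext(path)[1].lower() in opts.skip_params_on_ext:
        query = ""  # parameters on .js/.css are not scanned, so they create no variation
    return urlunsplit((u.scheme, _host_key(u.netloc, opts), path, query, ""))


if __name__ == "__main__":
    base = "http://testphp.vulnweb.com/wvs/"
    for link in ("http://testphp.vulnweb.com/wvs/index.php",
                 "http://testphp.vulnweb.com/index.php",
                 "http://www.testphp.vulnweb.com/wvs/x.php",
                 "http://www.acunetix.com/"):
        print(f"{link:45s} -> {crawl_key(link, base)}")
```

Two behaviours in this filter are worth checking against your own scan settings: with "Ignore CASE differences in paths" off, `/WVS/A.php` is treated as outside the `/wvs/` start folder, and an allowed external host is crawled without any folder restriction, so a broad wildcard entry in the allowed-hosts list widens the scan considerably.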
...link dns-313-enclosure-1-x-sata-1, it will request the following: Mod_Rewrite_Shop/details.php?id=1

Tick the Last rule option to indicate that no more rules should be executed after this one. Tick Case insensitive if the URLs are not case sensitive. Tick the Match on the full URI option so that the regular expression is executed on the whole URI with the query, instead of the path only. Tick IIS URL rewrite rule if the target website is using Microsoft Windows IIS URL rewrite rules (http://www.iis.net/download/urlrewrite). To test the URL rewrite rule, enter a URL and click Test Rule.

Importing a URL Rewrite rule configuration from an Apache web server

To import the rewrite rule logic for Apache web servers:
1. To open the Import Rewrite rules wizard, click Add Ruleset and then click Import rule. In the filename field enter the path of the Apache httpd.conf or .htaccess file (the file which contains the URL rewrite rules).
2. Select the type of configuration to import (httpd.conf or .htaccess). If .htaccess is used, it is important to specify the hostname of the website (e.g. www.acunetix.com) and web server directory (e.g. sales) on which the URL rewrite configuration is set.

Importing a URL Rewrite rule configuration from an IIS web server

If using Microsoft IIS as your web server, you can automatically import the rewrite rule logic:
1. To open the Import Rewrite rules wizard, click Add Ruleset and then click Import rule. In the Filename field enter the
...displays all vulnerabilities discovered in scanned network services such as DNS, FTP, SMTP and SSH servers. Network alerts are categorized by 4 severity levels, similar to web alerts. The number of vulnerabilities detected is displayed in brackets next to the alert categories. Click an alert category node to view more information, similar to web alerts.

Note: You can disable network security checks by un-ticking the Enable Port Scanning option in the Scan Wizard.

Port Scanner Node

The Port Scanner node displays all the discovered open ports on the server. Network service banners can be viewed by clicking on an open port.

Note: Port Scanning of the target server can be disabled by un-ticking the Enable Port Scanning option in the Scan Wizard.

Knowledge Base Node

The Knowledge Base node is a high-level report that displays:
- List of open TCP ports found on the server, including the port banner
- List of Network Services running on the web server and their response
- List of files with inputs found on the website. The number of inputs per file is also shown
- List of links to external hosts found on the website. E.g. testphp.vulnweb.com contains a link to www.acunetix.com
- List of Client and Server HTTP error responses together with the HTTP requests that generated them. An example would be the response code Server Internal Error (HTTP 500). Check the response for information exposure.

Site Structure Node

The Site Structure Node displays the la
...Click Start in the HTTP Editor to send the HTTP request to the server.

8 Compare Results Tool

Introduction
...Click on Import and Apply to save the certificate information.

False Positives

When a specific vulnerability is marked as False Positive in the scan results, it will be listed in this node. Press on the button to remove a vulnerability from the list of False Positives.

Note: False positives are site-specific by URL and file. Therefore, if you mark an XSS vulnerability on http://www.testphp.vulnweb.com/artists.php as a false positive, if you scan another site this vulnerability will show up again if it is discovered.

Miscellaneous

From this node you can configure the options specified below.

Memory Optimization: Enabling this option instructs Acunetix WVS to store temporary data in the specified location instead of system memory. Acunetix WVS must have full access to this folder. This will greatly reduce overall memory usage. In this section you can also configure the amount of memory the crawler should use. If during a crawl the crawler consumes the configured amount of memory, the crawl will stop and the scanning will proceed.

Display Options
- Display custom HTTP status information: Display the full HTTP response status line (header) and the corresponding status string.
- Display HTTPS status icon: Enable this option to show a padlock icon next to files or directories that are accessed via HTTPS and not HTTP.

Password Protection

In this section the user can set a password to restrict access to the Acunetix WVS main interface and all the other Acunetix
72. l

[Screenshot 38 - Web Services Scanner: scan of http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL with Acunetix Threat Level 3 ("One or more high severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your site"); alerts: Application error message (2) on Service / ServiceSoap / GetUserInfo (username) and ServiceSoap12 / GetUserInfo; totals: 4 alerts found (High 2, Medium 1, Low 0, Informational 0); Web Services tree listing the ServiceSoap and ServiceSoap12 ports with operations HelloWorld, HelloUser, MD5Encode, GetUserInfo; statistics: 204 requests]

Starting a Web Service Scan

1. From the Tools Explorer, select Web Services Scanner and click the New Scan button in the toolbar to launch the Web Service Scan Wizard. Specify the URL of an online or local WSDL and choose a scanning profile. Click Next to proceed.
2. In the Selection step, select the Web Services Ports and Operations that must be scanned. The number of inputs accepted by each operation and the URL of the ports will be displayed in the Details section.
3. Enter specific input values (optional) for the scanner to use as Web Service Operations in the Defaul
73. l report can be created summarizing the scan.

Acunetix AcuSensor Technology

Acunetix's unique AcuSensor Technology allows you to identify more vulnerabilities than a traditional Web Application Scanner, whilst generating fewer false positives. In addition, it indicates exactly where in your code the vulnerability is and reports debug information.

[Screenshot: Acunetix WVS Consultant Edition scanning http://testphp.vulnweb.com:80 with the Default profile (Scan Thread 1 finished, 114 alerts); the Blind SQL Injection alert details show AcuSensor data: source file /var/www/vhosts/default/htdocs/artists.php, the SQL query (... FROM artists WHERE artist_id=1ACUSTART...ACUEND) and the fact that mysql_query was called; other alerts listed include Apache Mod_Rewrite Off-By-One Buffer Overflow, CRLF injection / HTTP response splitting, Cross Site Scripting (7), Macromedia Dreamweaver Remote Database Scripts, PHP HTML Entity Encoder Heap Overflow, PHP version older than 5.2.1 / 5.2.3, and the impact text "An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise..."]
74. ll be installed. Further install options such as the Acunetix Firefox toolbar and desktop shortcut can be enabled.
5. Click Install to start the installation. Setup will now copy all files and install the necessary Windows Service. Click Finish when ready.

Note: If using the evaluation edition you will only be able to scan one of the Acunetix test websites:

• http://testphp.vulnweb.com (built on PHP)
• http://testasp.vulnweb.com (built on ASP)
• http://testaspnet.vulnweb.com (built on ASP.NET)

Furthermore, you will not be able to save the scan results when using the evaluation version.

Installing the AcuSensor Agent

NOTE: Installing the AcuSensor Agent is optional. Acunetix WVS is still best in class as a black box scanner. However, the AcuSensor Agent improves detection accuracy and vulnerability results, especially when used for scanning PHP websites. The unique Acunetix AcuSensor Technology identifies more vulnerabilities than a traditional Web Application Scanner while generating fewer false positives. In addition, it indicates exactly where vulnerabilities are detected in your code and also reports debug information.

To install the AcuSensor Agent, the file must first be generated and then deployed to the target server.

Generating the AcuSensor files

[Screenshot: AcuSensor Deployment node ("From this node you can generate the files you need to deploy AcuSensor technology to a server"), Generate AcuSensor Installation Files, Output folder C:\Users\Dan
75. ll types of vulnerabilities

• Only the default report can be generated, and it cannot be printed or exported.
• Scan Results cannot be saved.

If you decide to purchase Acunetix WVS you will need to uninstall the evaluation edition and install the purchased edition, which must be downloaded as a separate installer file. Download the installer file and double click it to begin the setup, which will prompt you to remove the evaluation version and install the full edition. All settings detected in the previously installed version will be retained. Once the installation is complete you will be prompted to enter the License key.

2. Installing Acunetix WVS

System Minimum Requirements

• Operating system: Microsoft Windows XP and later
• CPU: 32 bit or 64 bit processor
• System memory: minimum of 1 GB RAM
• Storage: 200 MB of available hard disk space
• Microsoft Internet Explorer 7 or later (some components of IE are used by Acunetix)
• Microsoft SQL Server / Microsoft Access, for optional use of the reporting database

Installing Acunetix Web Vulnerability Scanner

1. Download the latest version of Acunetix Web Vulnerability Scanner from the download location provided to you when you purchased the license.
2. Double click the webvulnscan8.exe file to launch the Acunetix WVS Installation wizard and click Next when prompted. Review and approve the License Agreement. Select the folder location where Acunetix Web Vulnerability Scanner wi
76. matically save the scan results to the reporting database, enable the Save scan results to the database for report generation option. You can read more about the Acunetix Reporter from page 37 of this user manual.

Crawling Options

Tick the option After crawling, let me choose which files to scan if you would like to select/deselect files from the automated website security scan instead of scanning the whole website.

Tick the option Define list of URLs to be processed by crawler at start if you would like a specific URL to be crawled before any other.

Note: If the scan is being launched from a saved crawl result, the Define list of URLs option will be greyed out, because an automated scan will start immediately without the crawl.

Step 3: Confirm Targets and Technologies Detected

[Screenshot: Select Targets step of the Scan Wizard ("Please wait until the scanning is finished and then select the targets you want to scan from the list below. For every target you can enter details such as operating system, webserver, technology or change the base path. By entering these details you can reduce the scanning time."); list of targets: testphp.vulnweb.com:80, base path /, server banner Apache 2.0.55 (Ubuntu) mod_python 3.1.4 Python..., target URL http://testphp.vulnweb.com:80/, operating system Unix, web server Apache 2.x, Optimize for following technologies: ASP, ASP.NET, PHP, Perl, Java/J2EE, ColdF
77. more about the Scan Settings templates.

Step 7: Completing the scan

Click on Finish to start the automated scan. Depending on the size of the website, the scanning profile and the server response time, a scan may take up to several hours. These factors cannot be controlled by Acunetix WVS.

Step 8: Select the Files and directories to Scan

If the option After crawling, let me choose the files to scan was ticked in the crawling options, a window with the crawled site structure will automatically pop up at the end of the automated crawl, allowing you to select which files to scan.

4. Analyzing the Scan Results

Introduction

All the security alerts that are discovered during the scan of a website are displayed in real time under the Alerts node in the Scan Results window. A Site Structure node is also shown and lists the files and folders discovered.

[Screenshot: Acunetix WVS Consultant Edition Scan Results window (Default profile) showing Acunetix Threat Level 3 / High ("One or more high severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities..."), 34 alerts found, including Apache Mod_Rewrite Off-By-One Buffer Overflow, Macromedia Dreamweaver Remote Database Scripts, PHP HTML Entity Encoder Heap Overflow, PHP version older than 5.2.1, 5.2.3 and 5.2.5]
78. n 24 hours or less, depending on your time zone.

Acunetix Blog

We highly recommend that you follow our security blog by browsing to http://www.acunetix.com/blog

Acunetix Facebook page

Join us on Facebook for the latest product and industry updates: http://www.facebook.com/Acunetix

Knowledge base / Help / Support page

You can also explore the Acunetix knowledge base by browsing to http://www.acunetix.com/support
79.

[Screenshot: continuation of the Scan Results alert tree and alert details. Alerts listed: PHP version older than 5.2.5 and 5.2.6, PHP Zend_Hash_Del_Key_Or_Index vulnerability, SQL injection (3) on artists.php (artist) and cart.php, Apache older than 2.0.61 / 2.0.63, Apache Remote Denial of Service, Application error message (3), Backup files, Error message on page (6), HTML Form found in redirect page, PHPinfo page found (2), Source code disclosure, Hidden form input named price was found (2), User credentials are sent in clear text (2), Broken links (6), Email address found. The details pane for the SQL injection alert shows the impact text (an attacker may be able to read or write files or execute shell commands; on SQL servers such as Microsoft SQL Server, stored and extended procedures may be reachable), the attack details (URL-encoded GET input artist set to the scanner's ACUSTART/ACUEND test marker) and the raw HTTP request headers (GET /artists.php?artist=..., Host: testphp.vulnweb.com, Cookie, Connection: Keep-alive)]
80. nched manually by clicking Launch the attack with HTTP Editor. For more information, please refer to the HTTP Editor chapter on page 83.
• How to fix this vulnerability: This section provides recommendations on how to fix the vulnerability.
• Detailed information: This section provides detailed information about the reported vulnerability.
• Web references: A list of web links providing more information on the vulnerability, to help you understand and fix it.

Marking an Alert as a False Positive

If you are certain that the vulnerability discovered is a false positive, you can flag the alert as False Positive to avoid it being reported in subsequent scans of the same website. To do this, click on the Mark alert as false positive link, or right click on the alert and select the menu option. You can remove an alert from the false positives list by navigating to the Configuration > Application Settings node in the Tools Explorer and selecting the False Positives node.

Network Alerts Node

[Screenshot 22 - Network Port Scanner and Knowledge Base nodes: Scan Thread 1 (http://testphp.vulnweb.com) with Web Alerts (88), Port Scanner (3): Open Port 22 (ssh), Open Port 80 (http), Open Port 8443 (https-alt); Knowledge Base (7): List of open TCP ports, Whois lookup, List of files with inputs, List of external hosts, List of email addresses; Site Structure; Cookies]

The Network Alerts node d
81. nformation provided by the actual headers. Tags using this form should have an equivalent effect when specified as an HTTP header, and in some servers may be translated to actual HTTP headers automatically or by a pre-processing tool.
• AcuSensor Data: Any AcuSensor Technology data returned for the file.
• Alerts: A list of alerts this item is vulnerable to can be found in this tab.

Grouping of Vulnerabilities

[Screenshot: Scan Results for Start URL http://testphp.vulnweb.com:80 with alerts grouped by vulnerability: Macromedia Dreamweaver Remote Database Scripts (1), Cross Site Scripting (4), File inclusion (2), Script source code disclosure (1), Blind SQL Injection (2) expanded to /artists.php (artist) and /product.php, SQL injection (3). The details pane reads: discovered by Scripting (Sql_Injection.script); the impact of this vulnerability: an attacker may execute arbitrary SQL statements on the vulnerable system, which may compromise the integrity of your database and/or expose sensitive information; depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker; it may be possible to not only manipulate existing queries but to UNION in arbitrary data, use subselects or append additional queries, and in some cases to read in or write out to files]
82. ng and uninstalling AcuSensor

To uninstall and disable the sensor:

AcuSensor for .NET

1. Run the Acunetix .NET AcuSensor Technology Injector from the program group and select the already injected code. Click on Uninject Selected to remove the AcuSensor Technology code from the .NET applications. On success confirmation, close the confirmation window and the Acunetix .NET AcuSensor Technology Injector.
2. Run uninstall.exe from the application's installation directory.

Note: If you uninstall the Acunetix .NET AcuSensor Technology Injector without un-injecting the .NET application, then the AcuSensor Technology code will not be removed from your .NET application.

AcuSensor for PHP

1. Delete the directive php_value auto_prepend_file "[path to acu_phpaspect.php file]" from the .htaccess file or from the httpd.conf configuration if method 1 is being used. If method 2 is being used, delete the directive auto_prepend_file="[path to acu_phpaspect.php file]" from the php.ini file.
2. Delete the Acunetix AcuSensor Technology PHP file acu_phpaspect.php.

Note: Although the Acunetix AcuSensor Technology requires authentication, uninstall/remove the AcuSensor Technology client files if they are no longer in use.

Configuring an HTTP Proxy or SOCKS proxy Server

[Screenshot: Acunetix WVS Consultant Edition, Tools Explorer, Template: Default]
83. ntials will be used automatically during command line scans.

The Acunetix WVS Console Reporter

The Acunetix WVS Console Reporter is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location is C:\Program Files\Acunetix\Web Vulnerability Scanner 8\reporter_console.exe. For WVS Console Reporter help, use the help switch.

Note: In 64-bit operating systems Acunetix WVS is installed in the Program Files (x86) directory.

The Acunetix WVS Console Reporter command line options

Option: /v or /View
Description: View a pre-format report in the Acunetix reporter.
Syntax: /v <report>
Example: /v c:\report.pre

Option: /o or /Output
Description: The destination path where the generated report should be saved and the filename of the report.
Syntax: /o <reportname>
Example: /o c:\reports\report

Option: /r or /Report
Description: Specify the report template to use for generating the report. Available report templates:
• WVSComplianceReport.rep (Compliance report)
• WVSDeveloperReport.rep (Developer report)
• WVSScanCompare.rep (Scan comparison report)
• WVSSingleScan.rep (Detailed Scan report)
• WVSSingleScanExecutive.rep (Executive Summary)
• WVSVulnGroupTrends.rep (Monthly Vulnerabilities report)
Syntax: /r <reporttemplate>
Example: /r WVSDeveloperReport.rep
Note: For Compliance reports one must use the /r option in conjunction with the /k option described below.

Option: /k or /Kind

Option: /p or /Password
84. ntion

[Screenshot 51 - Manual browser window: http://testphp.acunetix.com/login.php loaded in the wizard's browser, showing a form with the fields Name, Surname, Company, Phone, Email and Type verification image, with Browsing and Help controls]

3. Once the page is loaded, click on the Manual Intervention button. Proceed by clicking the Next button till the end of the wizard. Once a scan is launched, a browser window will automatically pop up when the application page is reached. You can now perform the required action. Click Done once the action is complete.

Note: Only one page has to be marked for manual intervention. If you have more than one page that requires manual intervention, specify these URLs the first time the browser window automatically appears during the crawl, and perform the action on those pages as well. This allows the crawler to automatically process those pages without you having to wait for another dialog to appear.

More information and a video about the Login Sequence Recorder can be found here: http://www.acunetix.com/blog/docs/acunetix-wvs-login-sequence-recorder/

The HTTP Fuzzer

[Screenshot: HTTP Fuzzer in Acunetix WVS NFR Evaluation Edition: Start button, Fuzzer Filters, Number of requests: 63750, Request / Results tabs, request POST /cart.php HTTP/1.1, Add Generator, Insert into Request, Remove Generator, Genera
85. of sub-directories Acunetix WVS should crawl in a website. Upon reaching the configured limit, Acunetix WVS will stop crawling further sub-directories.
• Maximum number of files in a directory: In this option you can configure the maximum number of files in a directory. Upon reaching the configured limit, Acunetix WVS will stop crawling a directory and proceed to the next one.

File Extension Filters

It is possible to configure a list of file extensions to be included or excluded during a crawl. This is done by matching the respective extension of the files specified in any of the columns listed below:
• Include List: Process all files fitting the wildcard specified.
• Exclude List: Ignore all files fitting the wildcard specified.

Note: Binary files such as images, movies and archives are excluded by default to avoid unnecessary traffic.

Directory and File Filters

This node enables you to specify a list of directories or filenames to be excluded from a crawl. Filters can be configured according to directory or file names, as well as through the use of wildcards to match multiple directories or files with the same filter. Regular expressions can also be used to match a number of directories or files. If a regular expression is specified as a filter, toggle the value under the Regex column to Yes by clicking on it.

[Screenshot: Directory and File Filters node with Add URL, Add Filter and Remove buttons; filter list for http://www.acunetix.com with entries such as /icons (Regex: No), *.htm (Regex: No) and a regular-expression filter (Regex: Yes)]
86. of the screen you can search for certain keywords or elements in the source code, and also change the syntax highlighting if needed.

HTTP Editor Export

In the Web Services Editor you can export a SOAP request to the HTTP Editor by clicking on the HTTP Editor button in the Web Services Editor toolbar. The HTTP Editor tool will automatically import the data so the request can be customized and sent as an HTTP POST request.

10. Command Line Operation

Introduction

Acunetix WVS can be launched via the Microsoft Windows command line, allowing you to automate specific scans. Command line operation is done via the Acunetix WVS Console Scanner. The Acunetix WVS Console Scanner is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location of the WVS Console Scanner is C:\Program Files\Acunetix\Web Vulnerability Scanner 8\wvs_console.exe. If the executable is run without parameters, usage information is presented together with all the details of every parameter and option, for quick reference. For further help with using the Scanner console, use the help switch.

Note: In 64-bit operating systems Acunetix WVS is installed in the Program Files (x86) directory.

WVS Console Scanner Command Line Parameters

The Acunetix WVS Console Scanner supports most of the graphical user interface options. It allows the same degree of customization and flexibility via a set of command line parameters.
87. om

[Screenshot 57 - Custom 404 Error page configuration: fields URL to match on, Pattern, Match on (Result body), Regular expression, Test pattern, and the hint "Select a descriptive unique part of the page, then click Generate pattern from selection"; Browse URL http://testasp.vulnweb.com with Browser view / HTTP view tabs; the HTTP view shows an HTTP/1.1 302 Found response (Date: Wed, 26 Oct 2011 12:44:09 GMT, Server: Apache/2, Location: http://testasp.vulnweb.com/404.htm, Connection: close, Content-Type: text/html; charset=iso-8859-1) whose body is a "302 Found / The document has moved here" page; Generate pattern from selection and Cancel buttons]

1. Specify the URL of the website for which you would like to create a custom 404 error page rule in the URL to match on input field.
2. In the Pattern input field you should specify a text pattern or regular expression which matches some unique text on the custom 404 error page.
3. Specify where the pattern can be found in the custom 404 error page response from the Match on drop down menu:
• Location header: The defined pattern can be found in the header of the custom error page.
• Result Body: The defined p
88. omplete. Keep in mind that when the HTTP Sniffer is stopped, the web browser will lose its connection to the target URL. You can then save the browsing logs and load them into the crawler. Click Save to store the logs. Go to Tools > Site Crawler and click on the Build structure from HTTP sniffer log button. Browse to the sniffer log you just saved. The crawler will build the structure. You can then right click on the site and scan it from within the Crawler, or save the crawl results and load them into the web scanner.

For more information about using the HTTP sniffer: http://www.acunetix.com/blog/docs/manual-crawling-http-sniffer/

HTTP Sniffer Trap Filters

Through an HTTP Proxy trap filter you can configure the HTTP Sniffer to intercept an HTTP request, for it to be manipulated in real time before it arrives at the server. You can do the same for HTTP responses.

[Screenshot: HTTP Traps window: Rule Template ("Select a rule template from the list below"), Rule description "Log Server string", Rule type Log, Apply to Response headers, a regular expression matching the Server header, Log string "Server: $1", Update / Add buttons; the rule list includes Trap ASP and PHP requests, Trap requests, Trap requests with get variables, Trap requests with post variables, Trap responses, Don't trap images/css/scripts, Don't trap requests, Don't trap responses, Highlight PHP error messages, Rem
89. onfigurable.

Subdomain Scanner

Using various techniques and guessing of common sub-domain names, the Subdomain Scanner allows fast and easy identification of active sub-domains in a DNS zone. The Subdomain Scanner can be configured to use the target's DNS server or a user specified one.

Blind SQL Injector

Ideal for penetration testers, the Blind SQL Injector is an automated database data extraction tool with which you can make manual tests to further analyze reported SQL injections. The tool is also able to enumerate databases and tables, dump data, and also read specific files on the file system of the web server if an exploitable SQL injection is discovered.

HTTP Editor

The HTTP Editor allows you to create custom HTTP requests and debug HTTP requests and responses. It also includes an encoding and decoding tool to encode/decode text and URLs to MD5 hashes, UTF-7 formats and many other formats.

HTTP Sniffer

The HTTP Sniffer acts as a proxy and allows you to capture, examine and modify HTTP traffic between an HTTP client and a web server. You can also enable, add or edit traps to capture traffic before it is sent to the web server or back to the web client. This tool is useful to:
• Analyze how Session IDs are stored and how inputs are sent to the server
• Alter any HTTP requests being sent back to the server before they get sent
• Manual crawling: navigate through parts of the website which cannot be crawled automatically, and import the results into the scanne
90. onfigured in the scheduler settings.
Syntax: /sendmail

/verbose: Enables verbose mode; the log file entries will also be displayed in the command line window.
Syntax: /verbose

/Password: Application password, if the user interface password is enabled. The password can be enabled from the Application settings > General node.
Syntax: /Password <password string>
Example: /Password TestPass123

WVS Console Scanner Command Line Options

/GetFirstOnly: Specifies to get the first URL only.
Syntax: /GetFirstOnly=true/false

above start directory.
Syntax: /RestrictToBaseFolder=true/false

/FetchSubdirs: Specifies if the crawler should fetch files discovered in sub-directories below the base directory.
Syntax: /FetchSubdirs=true/false

/ForceFetchDirIndex: Specifies if the crawler should fetch directory indexes even if not linked.
Syntax: /ForceFetchDirIndex=true/false

/RobotsTxt: Retrieves and processes robots.txt and sitemap.xml during the crawl to discover more links.
Syntax: /RobotsTxt=true/false

/CaseInsensitivePaths: Specifies if the crawler should cater for case insensitive/sensitive paths.
Syntax: /CaseInsensitivePaths=true/false

/UseCSA: Enable the Client Script Analyzer engine to analyze JavaScript and other client side scripts during crawling. For all kinds of web 2.0 applications this option should always be enabled.
Syntax: /UseCSA=true/false

/ScanningMode: Specify which scanning mode to
91. oup of tests from the test database.

[Screenshot 11 - Scanning Profile and Scan Settings template: Scanning profile: Default; "Scanning settings allow you to adjust scanning behavior to the current scan's needs"; Scan settings: Default, Customize; Save scan results to database for report generation; Crawling options ("These options will define the behaviour of the crawler for the current scans. If you want to modify the general crawler behaviour you should go to settings"): Define list of URLs to be processed by crawler at start, Filename; Back / Next / Cancel]

Scanning Profile

The Scanning Profile will determine which tests are to be launched against the target website. For example, if you only want to test your website(s) for SQL injection, select the profile sql_injection; no additional tests will be performed. The Default scanning profile will test your website for any known web vulnerability. Refer to the Scanning Profiles section on page 87 for more information on how to customize or create scanning profiles.

Scan Settings template

The Scan Settings template will determine what Crawler, HTTP protocol, advanced crawling and Scanner settings are to be used during a scan. Refer to the Scan Settings templates section on page 87 for more information on how to customize or create new Scan Settings templates.

Save scan Results

If you want to auto
92. out link so the crawler will ignore it, to prevent ending the session. In the Setup restricted links step of the wizard, click the logout link for it to be ignored. If the logout link is not on the same page, click the Pause button in the top menu, navigate to a page where the logout link is found, resume the session and then click on the logout link. Click Next to proceed.

[Screenshot 18 - Specify an In-session or Out-of-session pattern: the Login Sequence Recorder showing the Acunetix test site (home, categories, artists, disclaimer, your cart, guestbook, AJAX Demo, search art, Signup, Your profile, Logout, Links, Security art, Fractal Explorer) with the Show raw data and Define pattern from selection controls; the Pattern field contains a pattern matching the logout.php link, plus Pattern type and Check pattern controls]

5. In this step you have to specify In Session or Out of Session detection patterns. For the In Session detection, specify a pattern which allows the crawler to detect that the session is still valid. If for some reason the session expires during a crawl, the Crawler will automatically login again. Click on Detect so that Acunetix WVS will try to automatically detect the pattern.

Note: If the automatic detection does not work, you must specify the pattern manuall
93.

[Screenshot 35 - HTTP Sniffer Edit Trap window: rule list continuing with Remove gzip/deflate encoding, Replace user agent, Log get variables, Log Host string, Log post vars, Log Server string, Log URL and Log Powered-By string; each rule has an Apply to column (Request headers, Response headers, Request, Response), a regular-expression Rule column matching the request line, Content-Type, Accept-Encoding, User-Agent, Host, Server or X-Powered-By headers, and a log/replace string such as "User-Agent: WVS 2.0", "Get vars are: $2", "Host: $1", "Post vars are: $1", "Server: $1", "URL is: $2", "Powered By: $1"; Cancel / Ok buttons]

Creating a HTTP Sniffer Trap Filter

1. In the HTTP Sniffer toolbar, click on the Edit traps button to launch the HTTP Traps window.
2. Select a trap rule template, e.g. trap requests and trap ASP or PHP request
94. p

[Screenshot 37 - Compare Results Tool: continuation of the side-by-side Site Structure comparison (guestbook.php, index.php, listproducts.php, login.php, each with status Ok 200 in both scans); Activity Window: Ready]

The Compare Results tool allows you to analyze the differences between the results of two separate scans of the same application. You can compare a full security scan or just the site crawler data.

Comparing Results

To compare two saved scan results:

1. Go to the Compare Results node in the Tools Explorer.
2. In the Compare Results toolbar, specify the path of the first scan file. In the second edit box, specify the path of the second scan. Click on the Compare button to launch the compare tool. Specify which items you wish to compare, such as Referrers, HTTP headers etc. The list of items that are enabled for comparison can be saved as a new template by renaming the template and clicking the Save button. Click Start to begin the comparison.

Note: For large websites the file structure comparison process may take longer to complete.

Analyzing the Results Comparison

Once the comparison is complete, the results are shown in a two-pane interface. The left pane contains the contents of the original scan, while the right hand p
95. p down menu.
8. Check/un-check all the vulnerability security checks you would like to include/exclude in the scanning profile.
9. Click on the Save button to save the profile.

Creating custom vulnerability checks

Acunetix WVS allows you to create your own web and network vulnerability checks. For example, if you are familiar with a particular web application and want to create specific checks for it, you can use the Acunetix Vulnerability Check SDK to create your own vulnerability checks. More information about creating vulnerability checks can be found here: http://www.acunetix.com/blog/uncategorized/creating-vulnerability-checks/

14. Troubleshooting

Obtaining support

User Manual: The most common issues can be solved by consulting this manual.

Support: The Acunetix support team can be contacted by email at support@acunetix.com.

The Acunetix Support Center: Browse to http://www.acunetix.com/support to view all the support options available.

Acunetix Forums: Browse to http://www.acunetix.com/forums to interact with our expert community.

Request Support via E-Mail: If you encounter persistent problems that you cannot resolve, we encourage you to contact the Acunetix Support team via e-mail (support@acunetix.com), since you can include vital information to help us diagnose and resolve your issues as quickly as possible. Please ensure you include the license key information in the support email. We will do our best to answer your query withi
96. phanumrand: Automatically submit random alphabetical and numeric characters (a-z, 0-9).

You can also change the priority of a specific input field by highlighting it and then using the Up and Down arrows to give it higher or lower priority respectively.

Note: If a unique set of data must be submitted to different forms, then a new rule set must be created for each form respectively.

7. Manual crawling with the HTTP Sniffer

Introduction

[Screenshot: HTTP Sniffer in Acunetix WVS NFR Evaluation Edition with Enable Traps and Edit traps controls, Status: Running on port 8080; the capture list shows Method, Details and Information columns for GET and POST requests to https://erp.acunetix.com:443/panel/... pages (keys.aspx, key.aspx, editcustomer.aspx, customerleads.aspx, an image), with content type text/html; charset=utf-8, status 200 OK or 302 Found, and response size]
97. ptions: Select custom icons, logos, headers and footers to customize the report. You can use these settings to customize the report layout and to apply corporate branding. These settings are global; therefore any changes made will appear across all the reports generated by the WVS Reporter.

Page Settings: The Page Settings node allows you to configure the default page size, orientation and margins of your reports.

The Report Viewer

The Report Viewer is a standalone application that allows you to view, save, export or print generated reports. The reports can be exported to PDF, HTML, Text, Word Document and BMP. The Acunetix Report Viewer is a free application and can be downloaded from the following location: http://www.acunetix.com/download/tools/reportviewer.zip

Using Microsoft SQL

The Acunetix Reporter uses a backend database to store the scan results and generate reports from. Microsoft Access (included in Microsoft Windows) is used as the default database engine when Acunetix is installed; however, you can also choose to use Microsoft SQL Server to store scan results. To change the Reporter database:

1. Navigate to the Configuration > Application Settings > Database node in the Acunetix WVS interface. Select MS SQL Server from the Database Type drop-down menu.
2. Enter the server IP or FQDN in the Server text box, and the credentials to connect to the server in the Username and Password text boxes.
3. Spec
98. r custom editing and execution of various web service operations over different port types for an in-depth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages to easily edit SOAP headers and customize your own manual attacks.

WVS Scripting tool and Acunetix SDK

[Screenshot: WVS Scripting tool with the SDK sample script basicXSS.script open. The script gets the current input scheme (getCurrentScheme), loops over each input and each of its variations (selectVariationsForInput, loadVariation), sets the input value to the payload <XSS> (setInputValue), then creates a THTTPJob whose url is set to the target URL built from scanURL. The SDK object browser lists classes such as HTMLForm, HTMLToken, HTTPJob, HTTPMessage, InputScheme and ScriptContext; the status bar reads "Script execution error: No current input scheme available".]
99. [Screenshot 55: Application Settings. The Tools Explorer shows the Authentication Tester, Compare Results, Web Services (Web Services Scanner, Web Services Editor) and Configuration (Application Settings, Scan Settings, Scanning Profiles) nodes; the settings pages shown include General, Program Updates, Version Information and AcuSensor Deployment, with a "Use an HTTP proxy server" option and Hostname and Username fields.]

Application Updates: From this node you can configure when the application checks for both vulnerability and application updates. You can also configure the Proxy Server settings if your Internet connection must be accessed via a proxy server.

Logging: You can configure different logging levels in Acunetix WVS from Configuration > Application Settings > Logging.

Client Certificates: Some websites require client certificates to identify a client before access is granted. These certificates may be configured in Acunetix WVS by specifying the URL to be used during a crawl or a scan. To do this:

1. Navigate to Configuration > Application Settings > Client Certificates.
2. Specify a certificate location by browsing to the certificate with the Browse icon next to the Certificate file text box, and enter the certificate password in the Password text box.
3. Enter the URL which needs a client certificate to be accessed.
4. Clic
100. r to include them in the automated scan. For HTTP requests to pass through Acunetix WVS, Acunetix WVS must be configured as a proxy in your web browser. You can read more about the HTTP Sniffer and its configuration in chapter 7 of this manual.

HTTP Fuzzer: The HTTP Fuzzer enables you to launch a series of sophisticated fuzzing tests to audit the web application's handling of invalid and unexpected random data. The Fuzzer also allows you to easily create input rules for further testing in Acunetix WVS. An example would be the following URL: http://testphp.acunetix.com/listproducts.php?cat=1. Using the HTTP Fuzzer you can create a rule that would automatically replace the last part of the URL (1) with numbers between 1 and 999. Only valid results will be reported. This degree of automation allows you to quickly test the results of 1000 queries without having to perform them one by one.

Authentication Tester: With the Authentication Tester you can perform a dictionary attack against login pages that use HTTP (NTLM v1, NTLM v2, digest) or form-based authentication. This tool uses two predefined text files (dictionaries) containing a list of common usernames and passwords. You can add your own combinations to these text files.

Web Services Scanner: The Web Services Scanner allows you to launch automated vulnerability scans against WSDL based Web Services.

Web Services Editor: The Web Services Editor allows you to import an online or local WSDL fo
101. rameter Exclusions: Enables you to specify parameters that must be excluded from a scan. Some parameters cannot be manipulated without affecting the user session and will therefore not be manipulated during a scan. You can also select not to test all possible values. Note: Parameters specified in the Parameter Exclusions list will only be excluded from a scan, but will still be crawled.

Adding a parameter to the exclusion list

1. Specify a URL in the URL text box to exclude the parameter when scanning the specified URL only. Use a wildcard to exclude the parameter from every scan.
2. Type the parameter name to be excluded in the Name text box and select for which type of HTTP verb it should be excluded from the Type drop-down menu. Select Any to exclude the parameter in any type of HTTP verb.
3. From the Action drop-down menu, select Exclude from Scan to exclude any kind of parameter manipulation during a scan, or select Do not test all possible values to try only a limited number of variations during a scan. Click Apply to save your changes.

GHDB (Google Hacking Database) Options

By default, all GHDB (Google Hacking Database) tests (1450) are launched against a website during a scan. From the Settings > GHDB node you can configure which GHDB vulnerability checks you want to test for. Filter the list by entering a keyword (e.g. sql) in the Filter GHDB text box. Click on Uncheck Visible to uncheck all vulnerabilities that match
102. rd dialog.

Forms Authentication: This type of authentication is handled via a web form and not via HTTP. The credentials are sent to the server for validation by a custom script.

[Screenshot 13: Login Details Options. Scan Wizard Login step ("Configure input login details for password protected areas or HTML forms"). Forms Authentication: "If your website requires forms authentication you need to record the steps required to login on the website. This will be saved as a login sequence file and can be used later. You can also specify a section of the website which you do not want to be crawled, for example links that will log you out from the website." Login sequence: <no login sequence>.]

Scanning a HTTP password protected area

If you scan an HTTP password protected website, you will be automatically prompted to specify the username and password, unless they are predefined. Acunetix WVS supports multiple sets of HTTP credentials for the same target website. HTTP authentication credentials can be configured to be used for a specific website, host, URL or even for a specific file only.

To specify HTTP authentication credentials:

1. Navigate to Configuration > Application Settings > HTTP Authentication.
2. Click on the Add credentials button.

[Screenshot: "WVS needs to authenticate. Please enter your credentials below" dialog]
103. recognize the difference between a logged in session and a logged out session. Click Next to proceed with the wizard.

[Screenshot 20: Recorded login sequence review. Edit login sequence dialog, Sequence Name: testphp.vulnweb.com_login; Login Actions: POST http://testphp.vulnweb.com/userinfo.php; Logout Actions: GET http://testphp.vulnweb.com/logout.php; Session Detection: Detection URL http://testphp.vulnweb.com]

6. In the last step of the wizard you can review the recorded sequence. You can change the priority of URLs using the up and down arrows, edit requests, and add or remove requests. Click Finish to finalize the session recording.

Note: Login sequences are saved in the Documents folder of the Public profile. The default path is C:\Users\Public\Documents\Acunetix WVS 8\LoginSequences.

The Login Sequence Recorder can also be used to configure Acunetix WVS to crawl a web application in a pre-defined manner, such as a shopping cart, or to automatically input data into a web form. For more information on the Login Sequence Recorder and its uses, see the section Login Sequence Recorder on page 79 of this manual or refer to the following URL: http://www.acunetix.com/blog/docs/acunetix-wvs-login-sequence-recorder

Step 6: Final wizard options

In the final step of the scan wizard you are presented with an overview of the scan options and alerted if further actions are required. Below is a list of
104. [Screenshot 1: AcuSensor pin-points vulnerabilities in code. The alert list shows GHDB findings ("Default phpinfo page", "Generic MySQL error message", "phpinfo") next to the request headers that triggered them, such as Accept-Encoding: gzip and a Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) user agent.]

The increased accuracy is achieved by combining black box scanning techniques with feedback from sensors placed inside the source code while the source code is executed. Black box scanning does not know how the application reacts, and source code analysers do not understand how the application will behave while it is being attacked. AcuSensor technology combines these techniques together to achieve significantly better results than using source code analysers and black box scanning independently.

The AcuSensor Technology does not require .NET source code; it can be injected in already compiled .NET applications. Thus there is no need to install a compiler or obtain the web application's source code, which is a big advantage when using a third party .NET application. In case of PHP web applications, the source is already available. To date, Acunetix is the only Web Vulnerability Scanner to implement this technology.

Advantages of using AcuSensor Technology

- Ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query.
- Allows you to locate and fix the vulnerability faster because of the ability to provide more information
105. rname indicates that they can be dangerous, etc.) from being reported.

Scanning Mode: From this section you can select the Scanning Mode which will be used during both the crawling and scanning stage of the target website. The scan mode will determine how both the crawler and the scanner will treat website parameters (also known as inputs), which will affect the number of security checks launched against the website. The following scanning mode options are available:

- Quick: In this mode the crawler will only fetch a very limited number of variations of each parameter, because they are not considered to be action parameters. Action parameters are designed to control the execution flow of the server scripts. Such scanning mode should only be used with small and static websites.
- Heuristic: In this mode the crawler will try to make heuristic decisions on which parameters should be considered as action parameters. It will try to fetch the most possible values of each parameter. This will result in a larger number of different variations, and therefore the scanner will launch more security checks against the website. This scanning mode is the most efficient and accurate one and is recommended as the scanning mode of choice, unless there are specific reasons to use other scanning modes.
- Extensive: In this mode the crawler will fetch all possible values and combinations of all parameters. This will lead to a much larger number of variations and therefor
106. rthe crawling process, WVS automatically launches a series of vulnerability attacks on each page found, in essence emulating a hacker. Also, WVS analyses each page for places where it can input data, and subsequently attempts all the different input combinations. This is the Automated Scan Stage. If the AcuSensor Technology is enabled, a series of additional vulnerability checks are launched against the website. More information about AcuSensor is provided in the following section.
3. During the scan process, a port scan is also launched against the web server hosting the website. If open ports are found, Acunetix WVS will perform a range of network security checks against the network service running on that port.
4. As vulnerabilities are found, Acunetix WVS reports these in the Alerts node. Each alert contains information about the vulnerability, such as POST variable name, affected item, HTTP response of the server and more. If AcuSensor Technology is used, details such as source code line, stack trace and the SQL query which lead to the vulnerability are listed. Recommendations on how to fix the vulnerability are also shown.
5. If open ports are found, they will be reported in the Knowledge Base node. The list of open ports contains information such as the banner returned from the port and if a security test failed.
6. After a scan has been completed, it can be saved to file for later analysis and for comparison to previous scans. Using the Acunetix Reporter, a professiona
107. s. This will load up a preconfigured trap which you can edit. Alternatively, you can create a new trap by first entering a description for the rule. Specify the rule type from the following 4 options:

- Include: Configure which HTTP requests and responses should be trapped.
- Exclude: Configure which HTTP requests and responses should be excluded.
- Replace or change rules: Configure which HTTP requests should be automatically changed based on the given expression.
- Logging rules: Configure which HTTP requests or responses should be logged in the Activity window.

[Screenshot: The Trap Form]

The type of traffic that will be captured by the trap must also be configured. Traps can be set to capture all traffic, HTTP requests only, request headers only, etc. In the Regular expression option, enter a regular expression that matches the data you would

Once the new trap is ready, click on the Add button to save the new trap. This will add the trap and automatically enable it. You can enable/disable traps by clicking on the tick box in front of the trap rule. Click the OK button to return to the HTTP Sniffer dialog and click on the Enable traps button to activate the traps in the HTTP Sniffer.

[Screenshot: HTTP Trap dialog showing a trapped HTTP/1.1 200 OK response (Structured / Text Only views) with headers Date: Fri, 30 Jul 2010 15:08:09 GMT; Server: Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3; X-Powered-By: PHP/5.1.2; Content-Length: 3895]
108. s (e.g. testphp.vulnweb.com_login.loginseq) to C:\Users\Public\Documents\Acunetix WVS 8\LoginSequences. When you restart the Acunetix Web Vulnerability Scanner and navigate to the Login Sequence Recorder, the list of recorded login sequences will be populated with the new login sequences which were imported from version 7.

Migrate reporting database

1. Switch off both versions of Acunetix WVS.
2. Download the Convert WVS Database tool from http://www.acunetix.com/download/tools/ConvertWVSDatabase.zip
3. Extract the ZIP file and run Convert WVS Database.
4. Configure the following in the Convert WVS Database tool:
   a. The type of the database from the drop-down menu (Database type field), e.g. MS Access (default) or SQL database.
   b. Specify the location of the version 7 reporting database. By default the database is located in C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\Data\Database.
   c. If you are converting an SQL database, enter the IP of the server and the credentials used to access the SQL database.
   d. Click Convert and wait until the conversion is complete. Once complete, you will be alerted.

[Screenshot 9: Reporting Database migration tool (Convert WVS Database dialog with Database type and MS Access database path fields)]

5. If you converted a SQL database, all you need to do is configure Acunetix WVS 8 with the new connec
109. selected .NET applications. Once files are injected, close the confirmation window and also the AcuSensor Technology Injector.

Note: The AcuSensor Injector will try to automatically detect the .NET framework version used to develop the web application, so you do not have to manually specify which framework version was used from the Target Runtime drop-down menu.

Installing AcuSensor agent for PHP

If your web application is written in PHP:

1. Locate the PHP AcuSensor file of the website you want to install AcuSensor on. Copy the acu_phpaspect.php file to the remote web server hosting the web application. The AcuSensor agent file should be in a location where it can be accessed by the web server software. Acunetix AcuSensor Technology works on PHP version 5 or newer. Previous PHP versions are not supported.
2. You can use one of 2 methods to activate the sensor. Method 1 can be used to install the AcuSensor on Apache only, and Method 2 can be used to install the AcuSensor on both Apache and IIS. Both methods are explained below.

Method 1: Apache .htaccess file

Create a .htaccess file in the website directory and add the following directive: php_value auto_prepend_file "[path to acu_phpaspect.php file]"

Note: For Windows use C:\sensor\acu_phpaspect.php and for Linux use /Sensor/acu_phpaspect.php path declaration formats. If Apache does not execute .htaccess files, it must be configured to do so. Refer to the following configuration guide: h
110. t Values step.
4. Proceed to the scan summary, review it and click Finish to launch the scan.

Web Services Editor

[Screenshot 39: Web Services Editor. WSDL URL http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL imported; WSDL Structure pane with Service, Port (ServiceSoap12) and Operation (HelloUser) selectors; Request tab showing the SOAP request for HelloUser (username: string) and a HelloUserResponse whose HelloUserResult is "Hello <hello>".]

The Web Services Editor allows importing of online or local WSDL for custom editing and execution of various web service operations for an in-depth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages, making it easy to edit SOAP headers and customize manual attacks. Editing and sending of Web Services SOAP messages is very similar to editing normal requests sent via the HTTP Editor.

Importing WSDL and Sending Request

1. Click on the Web Services Editor node in the Tools Explorer and enter the URL of the WSDL, or locate the local directory wher
111. tion details. If you converted a MS Access database, proceed with the below procedures:

6. Navigate to the C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\Data\Database directory.
7. Copy the file vulnscanresults.mdb to C:\ProgramData\Acunetix WVS 8\Data\Database.

Once you launch Acunetix WVS 8, it will use the converted database, which also includes all saved reports from version 7.

3. Scanning A Website

Introduction

The Scan Wizard provides a quick and easy way to configure and launch a new scan.

NOTE: DO NOT SCAN A WEBSITE WITHOUT PROPER AUTHORIZATION. The web server logs will show the scans and any attacks made by Acunetix WVS. If you are not the sole administrator of the website, please make sure to warn other administrators before performing a scan. Some scans might cause a website to crash, requiring a restart of the website.

Step 1: Select Target(s) to Scan

1. Click on File > New > New Website Scan to start the Scan Wizard, or click the New Scan button on the top left hand of the Acunetix WVS menu bar.

[Screenshot: Scan Wizard, Scan Type step ("Select whether you want to scan a single website or analyze the results of a previous crawl"). Scan type: "Here you can scan a single website. In case you want to scan a single web application and not the whole site you can enter the full path below. The application supports HTTP and HTTPS websites."]
112. tive password.

[Screenshot 40: Scheduler web interface configuration]

By default, the Scheduler web interface is only accessible via localhost and on port 8181 (http://localhost:8181). If you would like the Scheduler web interface to be accessible from other remote computers, tick the Allow remote computers to connect option. When enabled, you will be prompted to specify a username and password for HTTPS to be automatically enabled. For security reasons, login credentials must always be defined when the scheduler web interface is configured to be accessed remotely.

Note: When you change any of the Web Interface settings, upon clicking the Apply button restart the Acunetix WVS Scheduler v8 Windows service from the Windows Services console.

Scan Options

[Screenshot 41: Scheduler scan options, showing the Results save folder (C:\Users\Public\Documents\Acunetix WVS 8) and Number of parallel scans (2) fields]

In this section you can specify the path where the Acunetix WVS scan results should be saved. By default, the scan results are saved in the My Documents folder of the Windows Public user profile, in the Acunetix WVS 8 sub-directory.

Scanning multiple websites

From this section you can also configure the number of parallel scans launched in Acunetix WVS. E.g. if you want to scan 4 websites and their scan schedule overlaps, instead of the scans being queued, another instance of Acunetix WVS is automatically started and the scans will be launched in parallel.
113. tles you to free version upgrades and support for the duration of the agreement. Free support and version upgrades are included in the price of the 1 year license.

Small Business Edition (1 Site/Server)

The Small Business edition license allows you to install one copy of Acunetix WVS on one computer and scan one nominated site; this site must be owned by yourself or your company and not by third parties. Acunetix Small Business edition will leave a trail in the log files of the scanned server, and scanning of third party sites is prohibited by the license agreement. An Enterprise (unlimited) license is required to scan multiple websites. Additional licenses are required for separate installs onto different workstations.

Enterprise Edition (Unlimited Sites/Servers)

The Enterprise edition license allows you to install one copy of Acunetix WVS on one computer to scan an unlimited number of sites or servers. The sites or servers must be owned by yourself or your company and not by third parties. Acunetix Enterprise edition will leave a trail in the log files of the scanned server, and scanning of third party sites is prohibited by the license agreement. Additional licenses are required for separate installs onto different workstations.

Enterprise Edition (Unlimited Sites/Servers) x10 instances

The ONLY difference between the Enterprise Edition and the Enterprise Edition x10 instances is that this edition of the Acunetix WVS Enterprise allows you to run up to 10
114. to specify what report template to use. Click Help for a detailed explanation of the reporter parameters.

12. Other Acunetix WVS tools

The Target Finder

The Target Finder is a port scanner that can be used to discover running web servers on a given IP or within a specified range of IPs. The list of ports on which the web servers are listening can also be configured. The default ports audited by the scanner are port 80 for HTTP and port 443 for SSL. More information about the Target Finder can be found here: http://www.acunetix.com/blog/docs/target-finder

The Subdomain Scanner

The Subdomain Scanner scans a top level domain to discover any sub-domains configured in its hierarchy, by using the target domain's DNS server or any other DNS server specified by the user. More information about the Subdomain Scanner can be found here: http://www.acunetix.com/blog/docs/subdomain-scanner

The Authentication Tester

The Authentication Tester is used to test the strength of both usernames and passwords within HTTP or web forms authentication environments via a dictionary attack.

[Screenshot: Authentication Tester. Target URL to test: http://testphp.vulnweb.com/login.php; Authentication method: Web form based; Select user/password form fields to use; Logon has failed if Result contains: "you are not logged in"; Username dictionary path: C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\Data\General\userlist.txt; Password dictionary p
115. [Screenshot 52: The HTTP Fuzzer. A POST request to testphp.vulnweb.com (Content-Type: application/x-www-form-urlencoded, Referer: http://testphp.vulnweb.com/product.php, Pragma: no-cache, Connection: Keep-alive) with the body parameters addcart and price, and the Acunetix Aspect (AcuSensor) headers enabled. Generators defined: "ssn", a Number generator (Range 1-250, Step 1, Encoding None), and "price", a Character generator (Range 1-255, Step 1, Encoding None). The Number Generator description reads: "This is a number generator. It will generate all the numbers from Start number to Stop number using the Increment specified. Parameter description: Start number, Stop number: from which number to start and at..."]

The HTTP Fuzzer allows you to take a particular HTTP request and automatically cycle through multiple variations of it. For example, you can send a large number of HTTP requests containing invalid, unexpected and random data to the web application to test the website's input validation capabilities and also its handling of unexpected data. More information about the HTTP Fuzzer can be found here: http://www.acunetix.com/blog/docs/http-fuzzer-too

The HTTP Editor

[Screenshot: Acunetix Web Vulnerability Scanner
116. Table of contents (only the entries recoverable from the extraction are listed):

New to version 8 of Acunetix WVS ... 9
Acunetix Training ... 10
Perpetual or Time Based Licenses ... 10
Small Business Edition ... 10
Enterprise Edition (Unlimited Sites/Servers) ... 10
Enterprise Edition (Unlimited Sites/Servers) x10 instances ... 11
Consultant Edition ... 11
2. Installing Acunetix WVS ... 13
System Minimum Requirements ... 13
Installing Acunetix Web Vulnerability Scanner ... 13
Installing the AcuSensor Agent ... 13
Installing AcuSensor agent for .NET ... 14
Installing AcuSensor agent for PHP ... 15
Testing your AcuSensor Agent ... 16
Disabling and uninstalling AcuSensor ... 16
AcuSensor for .NET ... 16
AcuSensor for PHP ... 17
Configuring an HTTP Proxy or SOCKS Proxy Server ... 17
SOCKS Proxy Settings ... 18
Upgrading from WVS 7 ... 18
Copy recorded login sequences ... 18
Migrate reporting database ... 18
Scanning a Website ... 21
Introduction ... 21
Step 1: Select Targ
117. ttp://httpd.apache.org/docs/2.0/howto/htaccess.html. The above directive can also be configured in the httpd.conf file.

Method 2: IIS and Apache (php.ini)

1. Locate the file php.ini on the server by using the phpinfo() function.
2. Search for the directive auto_prepend_file and specify the path to the acu_phpaspect.php file. If the directive does not exist, add it in the php.ini file: auto_prepend_file="[path to acu_phpaspect.php file]"
3. Save all changes and restart the web server for the above changes to take effect.

Testing your AcuSensor Agent

To test if AcuSensor is working properly on the target website:

1. In the Tools Explorer, navigate to the Configuration > Scan Settings node and select the AcuSensor node.
2. Enter the password of the AcuSensor agent file which was copied on the target website.
3. Click Test AcuSensor installation on a Specific URL. A dialog will prompt you to submit the URL of the target website where the AcuSensor Agent file is installed. Enter the desired URL and click OK.

Note: Each time the password is changed and AcuSensor Technology agent files are generated, the AcuSensor Technology agent files on the server must be updated. In a .NET scenario, you must un-inject the files and uninstall the Acunetix AcuSensor Injector from the target server, and then copy the new setup.exe on the target system for it to be re-installed. Re-inject the files for .NET, or overwrite the old acu_phpaspect.php with the new one for PHP.

Disabli
118. u to identify more vulnerabilities than a traditional black box web security scanner, and is designed to further reduce the detection of false positives. Additionally, it also indicates the code where the vulnerability was found. This increased accuracy is achieved by combining black box scanning techniques with dynamic code analysis whilst the source code is being executed. For Acunetix AcuSensor to work, an agent must be installed on your website to enable communication between Acunetix Web Vulnerability Scanner and AcuSensor.

Port Scanner and Network Alerts

The Port Scanner and network alerts give you the option to perform a port scan against the web server hosting the scanned website. When open ports are found, Acunetix WVS will perform network level security checks against the network service running on that port, such as DNS Open Recursion tests, badly configured proxy server tests, weak SNMP community strings and many other network level security checks. You can also write your own network services security checks using the script engine. A scripting reference is available from the following URL: http://www.acunetix.com/vulnerability-scanner/scriptingreference/index.html

Target Finder

The Target Finder is a port scanner that allows you to locate web servers (port 80/443) within a given range of IP addresses. If a web server is found, the scanner will also display the response header of the server and the web server software. The port numbers to scan are c
119. use search engine friendly URLs. Using the AcuSensor Technology, the scanner is able to rewrite SEO URLs on the fly.
- Ability to test for arbitrary file creation and deletion vulnerabilities. E.g. through a vulnerable script, a malicious user can create a file in the web application directory and execute it to have privileged access, or delete sensitive web application files.
- Ability to test for email injection. E.g. a malicious user may append additional information, such as a list of recipients or additional information to the message body, to a vulnerable web form to spam a large number of recipients anonymously.
- Ability to test for file upload forms vulnerabilities. E.g. a malicious user can bypass file upload form validation checks and upload a malicious file and execute it.
- Unlike other vulnerabilities reported in typical scans, a vulnerability reported by the AcuSensor Technology contains much more detailed information. It can contain details such as source code line number, POST variable value, stack trace, affected SQL query, etc. A vulnerability reported by the AcuSensor Technology will be marked with (AS) in the title.

Acunetix WVS Program Overview

The following pages briefly explain the main WVS tools and features.

[Screenshot: Acunetix Web Vulnerability Scanner Consultant Edition main window. Tools Explorer: Web Scanner (performs automatic security auditing for web applications), Tools (security tools t
120. [Screenshot 12: Scan Wizard - Selecting Targets and Technologies. The technology check boxes include JRun, Python, Ruby, mod_ssl, mod_perl, mod_python and OpenSSL; Status: Done]

Acunetix WVS will automatically fingerprint the target website(s) for basic details such as the server's operating system and web server, the web server technologies and the custom 404 error page in use. If a custom 404 error page is being used, Acunetix WVS will automatically detect it and determine a pattern for it, removing the need for manual configuration. For more details on Custom 404 Error Pages refer to page 91 of this manual.

The web vulnerability scanner will optimize and reduce the scan time for the selected technologies by reducing the number of tests performed. E.g. Acunetix WVS will not launch IIS security checks against a Linux system running an Apache web server. Click on the relevant field and change the settings from the provided check boxes if you would like to add or remove scans for specific technologies.

Note: if a specific web technology is not listed under "Optimize for the following technologies", it does not mean that it is unsupported by WVS, but that there are no vulnerability tests exclusive to that technology.

Step 4: Configure Login for Password Protected Areas

2 types of login mechanisms are commonly used on the web:
- HTTP Authentication: This type of authentication is handled by the web server, where the user is prompted with a passwo

121. ver: Tick the check box to configure Acunetix WVS to use a HTTP proxy server.
- Hostname and Port: Hostname or IP address and port number of the HTTP proxy server.
- Username and Password: Credentials used to access the proxy. If no authentication is required, leave these options empty.

SOCKS Proxy Settings

- Use a SOCKS proxy server: Tick the check box to configure Acunetix WVS to use a SOCKS proxy server.
- Hostname and Port: Hostname or IP address and port number for the SOCKS proxy server.
- Protocol: Select which SOCKS protocol to use. Both the SOCKS v4 and v5 protocols are supported by Acunetix WVS.
- Username and Password: The credentials used to access this proxy. If no authentication is required, leave these options empty.

Upgrading from WVS 7

Acunetix WVS 7 and WVS 8 can run in parallel on the same computer, so you can install both versions on the same computer without any conflicts. Automatic importing of application settings from version 7 to version 8 is not possible because of the major changes in application settings between the two versions. You can, however, copy the recorded login sequences and the reporting database from the version 7 installation to the version 8 installation by following the instructions below.

Copy recorded login sequences

1. Switch off both versions of Acunetix WVS.
2. Navigate to C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\Data\General\LoginSequences
3. Copy all recorded login sequence

122. [Screenshot 44: Excluded Hours Configuration (legend: Allowed / Not allowed)]

To add a new Excluded Hours Template, click on the Add button and then:
1. Specify a name for the template in the Name input field.
2. Highlight the hours of the day when scans should not run.
3. Click OK to save the new template.

Note: If a scan is still running during the excluded hours, the scan will be automatically paused and resumed again when scanning is allowed.

Creating a Scheduled scan

1. Access the Scheduler interface by clicking the Scheduler icon on the toolbar in the Acunetix WVS interface, or browse to http://127.0.0.1:8181 using a web browser. Note: JavaScript should be enabled to access the Acunetix Scheduler web interface.

[Screenshot 45: Acunetix Scheduler web interface ("schedule new scan")]

2. Click on "schedule new scan" to add a new scan. You can add as many scans as you wish. If the scan schedules overlap, the scans will run in parallel. You can increase or decrease the number of parallel scans from the Scheduler configuration in the Acunetix WVS application settings.

Scheduled Scan Basic Options

[Screenshot 46: Acunetix Scheduler - Basic options (Scan type: Scan a single website; Website URL; Recursion; Date; Time; Advanced options: Crawling options, Scan results and reports)]

123. were solved. You can start the HTTP Editor from the Tools node within the Tools Explorer. The top pane in the HTTP Editor displays the HTTP request data and headers. The bottom pane displays the HTTP response headers and data. More information about the HTTP Editor can be found here: http://www.acunetix.com/blog/docs/http-editor/

The SQL Injector

[Screenshot: The SQL Injector tool in Acunetix Web Vulnerability Scanner (NFR Evaluation Edition). The HTTP Request settings pane shows a GET request for artists.php on testphp.vulnweb.com:80 with the artist parameter marked as the injection point; the results pane shows the enumerated database structure (columns artist_id int, aname varchar, adesc text) and the extracted row data]

124. with the keyword and exclude them from a default scan. Click Check Visible to check all entries again and include them in a default scan.

Crawling Options

Refer to page 44 of this manual for more information on the crawling options.

HTTP Options

HTTP General

- User agent string: Configure which user agent header string Acunetix WVS should use when accessing a target website. You can click on the icon to use a predefined user agent string, or you can specify your own custom user agent string by typing it in manually.
- Maximum number of parallel connections: Specify the maximum number of HTTP connections made to a target website. If overloaded with requests, some target servers might crash or reject new connections.
- HTTP request timeout in seconds: Specify how long Acunetix WVS must wait for a HTTP response before considering it as timed out.
- Delay between consecutive requests in milliseconds: Configure the delay between each HTTP request Acunetix WVS sends to the target website.
- HTTP response size limit in kilobytes: Maximum HTTP response size accepted by the crawler. HTTP responses larger than the specified size will not be crawled; with this option you are controlling the maximum size of the requested files.

Custom HTTP Headers

In this section you can specify custom HTTP headers that Acunetix WVS should include with the other standard HTTP headers while automatically crawling and scanning a website.

LAN Settings

For more details on configuring LAN and proxy settings

125. y. The pattern can be plain text or a regular expression, e.g. <a\s+href="logout.php">. You can also highlight specific content and click on "Define pattern from selection", and a regular expression will be automatically generated.

[Screenshot 19: Login Sequence Recorder - Specify an In session or Out of session pattern. Wizard steps: Set start URL, Record login actions, Setup restricted links, Setup in-session detection (detection of invalidated sessions), Review login sequence. The page shows the Acunetix test site (home, categories, artists, disclaimer, your cart, guestbook, AJAX Demo, Logout), the Pattern field containing <a\s+href="logout.php">, the Pattern type drop-down (In headers, Not in headers, Not in body) and the Check pattern button]

You also have to specify where the pattern can be found in the response. From the Pattern Type drop-down menu, select whether the pattern is In headers, Not in headers, In body, Not in body, Status code is or Status code is not. Click on Check Pattern to verify that the crawler is able to

126. y levels:
- High Risk Alert Level 3: Vulnerabilities categorized as the most dangerous, which put a site at maximum risk for hacking and data theft.
- Medium Risk Alert Level 2: Vulnerabilities caused by server mis-configuration and site coding flaws, which facilitate server disruption and intrusion.
- Low Risk Alert Level 1: Vulnerabilities derived from lack of encryption of data traffic or directory path disclosures.
- Informational Alert: Sites which are susceptible to revealing information through Google hacking search strings or email address disclosure.

If a vulnerability is detected by the AcuSensor Technology, (AS) is displayed next to the vulnerability group. More information about the vulnerability is shown when you click on an alert category node:
- Vulnerability description: A description of the discovered vulnerability.
- Affected items: The list of files vulnerable to the discovered vulnerability.
- The impact of this vulnerability: Level of impact on the website or web server if this vulnerability is exploited.
- Attack details: Details about the parameters and variables used to test for this vulnerability. E.g. for a Cross Site Scripting alert, the name of the exploited input variable and the string it was set to will be displayed. You can also find the HTTP request sent to the web server and the response sent back by the web server, including the HTML response. The attack can be inspected and re-lau

127. yout of the target website, including all files and directories discovered during the crawling process.

[Screenshot: Acunetix Web Vulnerability Scanner Consultant Edition main window during a scan of http://testphp.vulnweb.com:80 (profile: Default). The Site Structure tree lists the discovered directories and files (e.g. AJAX, CVS, Flash, images, Mod_Rewrite_Shop, pictures, secured, Templates, wvstests, _mmServerScripts, artists.php) with their status (OK or Forbidden). The details pane for the selected file categories.php shows its filename, page title, file path, URL, HTTP result (200 Ok), length, content type and whether the file will be scanned]

