Commonly used web scanning tools: AWVS | AppScan | Netsparker | Nessus

1. awvs

AWVS is a well-known automated network vulnerability scanning tool.

Features:


1. WebScanner: whole-site scan, web security vulnerability scanning
5. Blind SQL Injector: blind injection tool
6. HTTP Editor: HTTP protocol packet editor
7. HTTP Sniffer: HTTP protocol sniffer
8. HTTP Fuzzer: fuzzing tool
9. Authentication Tester: web authentication cracking tool
10. Web Services Scanner: web service scanner
11. Web Services Editor: web service editor


1. Set the target and write the domain name to be scanned


2. Target setting, setting vulnerability search and request method


3. Select scan options


4. Start scanning and wait for the result

The scan finds an XSS (cross-site scripting) vulnerability.
Verification

Tips

1. Add the following User-Agent to the request headers:

Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)

This can bypass SafeDog, WAFs, etc.

In addition, if the scan is likely to bring the target down, you can set the limit number in the first item... This is the maximum number of concurrent connections. The default is 10, and it can be changed to 2-5.

Some WAFs block requests that arrive too quickly, so you can delay sending packets. The default value of Delay between is 0; change it to 1-5.

2. Form authentication. Some pages, such as the admin back end or pages that a user can access only after logging in, require a username and password to be verified before they can be scanned. I think the script that records the login can never solve the problem of the verification code, so here we solve it by setting cookies.

3. Set exclusion URLs. A link such as "log out" clears the cookie and session and causes the scan to terminate, so first find the logout link.

4. Sometimes a page requires a secondary password, which calls for a preset form autofill. First, use the browser's F12 tools to see the name of the form field, and then enter it in the AWVS settings.

For example, if an age field appears in a submitted HTML form, the value 20 is filled in automatically. In the field name, *web* is a pattern with wildcards: 1web2, for example, matches *web*. A name can of course also be given without wildcards, such as password2.
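
Seen from the defending side, tip 1 works only where a filter trusts the crawler User-Agent string by itself. The following is an added example, not part of the original post: it checks access-log entries that claim to be Baiduspider using forward-confirmed reverse DNS. The resolver callables, sample IPs and DNS records are constructed assumptions so that it runs offline.

```python
import re

# Baidu's webmaster guidance: genuine Baiduspider IPs reverse-resolve to
# hostnames under baidu.com or baidu.jp.
CRAWLER_SUFFIXES = (".baidu.com", ".baidu.jp")
# Combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')


def is_genuine_baiduspider(ip, reverse, forward):
    """Forward-confirmed reverse DNS: the PTR name must be a Baidu host
    and that name must resolve back to the same IP."""
    host = (reverse(ip) or "").rstrip(".").lower()
    if not host.endswith(CRAWLER_SUFFIXES):
        return False
    return ip in forward(host)


def spoofed_crawler_hits(lines, reverse, forward):
    """Return client IPs that send a Baiduspider User-Agent but fail the check."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and "baiduspider" in m["ua"].lower():
            if not is_genuine_baiduspider(m["ip"], reverse, forward):
                flagged.append(m["ip"])
    return flagged


# Constructed sample data: documentation-range IPs and made-up DNS records.
# In production, wrap socket.gethostbyaddr / socket.gethostbyname_ex instead.
PTR = {
    "192.0.2.10": "baiduspider-192-0-2-10.crawl.baidu.com.",  # consistent PTR + A
    "203.0.113.7": "host7.example.net",                       # scanner host
    "198.51.100.9": "crawl.baidu.com.example.org",            # look-alike suffix
    "198.51.100.20": "baiduspider-1.crawl.baidu.com",         # forged PTR, no matching A
}
A = {"baiduspider-192-0-2-10.crawl.baidu.com": {"192.0.2.10"}}
SPIDER_UA = ("Mozilla/5.0 (compatible; Baiduspider/2.0; "
             "+http://www.baidu.com/search/spider.html)")
SAMPLE_LOG = [
    f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "{ua}"'
    for ip, ua in [(ip, SPIDER_UA) for ip in PTR]
    + [("203.0.113.8", "Mozilla/5.0 (X11; Linux x86_64)")]
]

if __name__ == "__main__":
    print(spoofed_crawler_hits(SAMPLE_LOG, PTR.get, lambda h: A.get(h, set())))
```

Only the first sample IP passes; the look-alike suffix and the forged PTR record are both rejected, which is why the forward lookup is needed in addition to the reverse one.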

2. AppScan

IBM AppScan is an easy-to-use and powerful web application security testing tool, once known in the industry as Watchfire AppScan. Rational AppScan automates the security vulnerability assessment of web applications and can scan for and detect all common web application security vulnerabilities, such as SQL injection, cross-site scripting, and buffer overflow, as well as security scanning of the latest Flash/Flex applications and Web 2.0 application exposures.
Setting AppScan to Chinese

1. New scan:


2. Scan Configuration Wizard

①Configure URL and server

②Configure login management

During the scan, the exit (logout) button may be triggered accidentally, logging AppScan out of the application. Login therefore has to be configured according to our needs.
If the web application under test has no verification code, you can use login methods 1 and 3.
If the web application has a verification code, you can use the second login method. The first method is recommended.
Record: After you select this item, a new browser opens and tries to connect to the website specified as the starting URL of this scan. Enter the account and password to log in to the application. After this is done you can close the browser, but don't click the logout button. Sometimes the browser that opens is not IE or Mozilla but the AppScan browser. You can change this in the settings: Tools -> Options -> Advanced, set the value of OpenIEBrower: 0 - AppScan browser, 1 - IE, 2 - Firefox, 3 - Chrome. If the website behaves differently in different browsers, this setting is very useful.

Prompt: After each logout, AppScan prompts you to log in to the application. You can select this option if you plan to scan your entire system.

Automatic: You can specify the username and password directly here, for use when a login to the application is needed.

After entering the user name and password in the browser window that opens (the web application to be scanned), click the application's login button. If the login succeeds, click [I am logged in to the site]. AppScan then starts analyzing the login operation, and once the login has been recorded successfully it performs the logout operation.

After AppScan completes the logout operation, it returns to the configuration wizard, where a sign indicates that the recording succeeded.

[Note] On AppScan's use of an external browser: currently only three browsers are supported, IE, Firefox, and Chrome. In version 9.0.1.1 the setting can be found in Tools-Options-Scan Options.

Earlier versions have OpenExternalBrowser in Tools-Options-Advanced. The value 1 is IE, 2 is Firefox, and 3 is Chrome.

【Verify login】Use the content returned by the login interface to verify the session

3. Test strategy

During a scan, AppScan® can send thousands of tests. Sometimes it's better to limit scans to only specific types to reduce scan time. This is the "test strategy". Several test strategies explained:

Default: Includes multiple tests, but excludes intrusive and port listener tests

Application only: Includes all application-level tests, but excludes intrusive and port listener tests

Infrastructure only: Includes all infrastructure-level tests, but excludes intrusive and port listener tests

Intrusive: Contains all intrusive tests (those that may affect server stability)

Complete: This policy includes all AppScan tests except for port listener tests.

Critical Few: Contains a selection of tests with a high probability of success that may be useful for site evaluation when time is limited

Developer Essentials: Contains a selection of application tests with a high probability of success, which may be useful for site evaluation when time is limited

Third-Party Only: This policy includes all third-party-level tests except intrusive and port listener tests.

Production site: This policy excludes intrusive tests that could damage the site, and tests that might cause a denial of service for other users.

Web Services: This policy includes all SOAP-related non-intrusive tests.

4. Done

Select "Start a full automatic scan" and click the [Finish] button.
Scan Expert first briefly explores the website under test and makes recommendations for scanning the application better.
Manually configurable environment: improves performance and accuracy.
5. Start the test

After the Scan Expert's advice is applied, the full scan begins. AppScan first explores the website as a whole to determine the pages to be tested, the test elements, and the number of requests to send. After this exploration is over, the test starts.

6. The end of the test

7. Generate test report


8. About manual exploration

If you want to verify the system quickly, you can manually explore a few important interfaces. The parameters filled in to the forms are recorded as well, and testing then focuses on the interfaces that were explored.

Exploring the whole system takes a long time but is more comprehensive, although the verification of forms is not detailed enough.

3. Netsparker

4. Using Nessus

1. Log in to the control panel, create a new scan, and then click Advanced Scan to configure the scan.
We can view the plugin information used in the Plugins option.
Click on "Vulnerabilities" to see the vulnerabilities that our scan found.

Origin blog.csdn.net/qq_42096378/article/details/124027854