Web Security—Installation and Use of NetSparker, a Web Vulnerability Scanner

This article is for security learning purposes only! Do not use it illegally.

1. Overview of NetSparker

Netsparker is a comprehensive web application security vulnerability scanner. It comes in a professional edition and a free edition, and the free edition is itself fairly powerful. One feature that sets Netsparker apart from other comprehensive web application security scanners is that it is better at detecting SQL injection and XSS vulnerabilities. The web application vulnerabilities Netsparker can identify include SQL injection, XSS, command injection, local file inclusion and arbitrary file reading, remote file inclusion, frame injection, and internal path disclosure, among others. Unlike other vulnerability scanners, Netsparker has a fairly low false positive rate, because it runs multiple tests to confirm each vulnerability it identifies.

2. Use of NetSparker

  • Start scanning
    Double-click the Netsparker .exe to open it, or click "New" in the upper left corner, enter the URL to be scanned, and click "Start Scan".

  • Scanning progress
    During the scan, the progress can be seen at the bottom of the window or in the Progress view.

  • User Interface
    After the scan completes, the functions of the user interface are as shown in the figure below.

  • Scan the page after login
    Create a new scan task and enter the URL. On the left, select "Authentication" -> "Form", enter the login page URL, the username and the password, and use the "Verify Login & Logout" button to confirm that login and logout work normally. Once everything is filled in, click "Start Scan"; the scan now also covers pages that are only reachable after login.

  • Export scan report
    Click "Reporting" -> "Detailed Scan Report" to export a detailed scan report, in HTML or PDF format.

Source: blog.csdn.net/Zhou_ZiZi/article/details/126633150