The installation and configuration process of the vulnerability scanning tool AWVS

Introduction

Acunetix Web Vulnerability Scanner (AWVS) can scan any website that is accessed through a web browser and follows HTTP/HTTPS rules. It applies to the intranets, extranets, and websites for customers, employees, vendors, and others of any small, medium, or large business.
AWVS audits the security of web applications by checking for vulnerabilities such as SQL injection and cross-site scripting (XSS).
Features:
● Automatic client-side script analyzer allowing security testing of Ajax and Web 2.0 applications
● Industry's most advanced and in-depth SQL injection and cross-site scripting testing
● Advanced penetration testing tools such as HTTP Editor and HTTP Fuzzer
● Visual macro recorder helps you easily test web forms and password-protected areas
● Supports pages with CAPTCHA, single start command and two-factor authentication mechanisms
● Rich reporting functions, including VISA PCI compliance report
● High-speed multi-threaded scanner easily retrieves thousands of pages
● Intelligent crawler detects web server type and application language
● Acunetix retrieves and analyzes websites, including Flash content, SOAP and AJAX
● Port scans the web server and performs security checks on the network services running on the server
● Can locate website vulnerability files

Install

This is a paid scanning tool; the official website is http://wvs.evsino.com/
It supports various operating systems, and also supports Docker.
We choose to install the Docker version for learning.
If you install Docker on Kali, it is recommended to refer to: https://blog.csdn.net/qq1140037586/article/details/126817404
Then refer to Docker Hub for details:
https://hub.docker.com/r/secfa/docker-
The effect after AWVS installation: [screenshot]
Login: [screenshot]

Interface Introduction

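Main menu functions:
The main menu has 5 modules: Dashboard, Targets, Vulnerabilities, Scans, and Reports.

Dashboard: shows vulnerability information for the websites that have been scanned

Targets: the target websites, i.e. the sites to be scanned

Vulnerabilities: shows all website vulnerabilities found by scans

Scans: scans target sites; select a target site from Targets to scan

Reports: the reports generated after a vulnerability scan completes

Settings menu functions:
The settings menu has 8 modules: Users, Scan Types, Network Scanner, Issue Trackers, Email Settings, Engines, Excluded Hours, and Proxy Settings.

Users: add users of the site, add user authentication, and configure user login session and lockout settings

Scan Types: select as needed from full scan, high-risk vulnerabilities, cross-site scripting vulnerabilities, SQL injection vulnerabilities, weak passwords, crawl only, and malware scan

Network Scanner: configure network information, including address, username, password, port, and protocol

Issue Trackers: configure issue-tracking platforms such as GitHub, GitLab, and JIRA

Email Settings: configure the information used to send email

Engines: install, delete, and disable engines

Excluded Hours: scan time settings; scans can be set to run during idle hours

Proxy Settings: set the proxy server information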

Instructions

Add Target: [screenshots]
Scan Settings: [screenshot]
Scan Interface: [screenshots]
This is the easiest way to use AWVS!

Origin blog.csdn.net/miraclehw/article/details/130176040