AWVS basic operations

AWVS occupies a pivotal position in the network security industry. For security service engineers, it brings great convenience when doing penetration testing and greatly improves work efficiency.

Table of contents

AWVS tool introduction

AWVS interface introduction

Introduction to the main operating areas of AWVS

Functions and features of AWVS

AWVS menu bar, toolbar introduction

Introduction to basic functions of AWVS

Spider crawler function of AWVS

AWVS Target Finder (target detection tool)

AWVS subdomain detection tool

AWVS HTTP sniffing tool

AWVS HTTP fuzz testing tool

AWVS Basic Operations: Site Scanning (Key Points)

Create a scan project

Use awvs to detect scan results

Save scan results

Export scan report

Acunetix WVS Site Scan (Experimental)

May the journey be long, don’t forget it in the future. May you be neither arrogant nor impetuous, and be stable and contented.


AWVS tool introduction

  Acunetix Web Vulnerability Scanner (AWVS for short) is a well-known web vulnerability scanning tool. It tests the security of your website through a web crawler and detects common security vulnerabilities. It is available in paid and free versions. The official website of AWVS is http://www.acunetix.com/ and the official download address is https://www.acunetix.com/vulnerability-scanner/download/. The free download from the official site is a 14-day trial version.

AWVS interface introduction

  The interface of AWVS is mainly divided into six parts, namely: title bar, menu bar, toolbar, main operation area, main interface, and status area.

Introduction to the main operating areas of AWVS

Functions and features of AWVS

a) Automatic client-side script analyzer, allowing security testing of Ajax and Web 2.0 applications
b) The industry's most advanced and in-depth SQL injection and cross-site scripting testing
c) Advanced penetration testing tools such as HTTP Editor and HTTP Fuzzer
d) Visual macro recorder that helps you easily test web forms and password-protected areas
e) Support for pages containing CAPTCHA, single sign-on and two-factor authentication mechanisms
f) Rich reporting functions, including VISA PCI compliance reports
h) High-speed multi-threaded scanner that easily crawls thousands of pages
i) Smart crawler that detects the web server type and application language
j) Acunetix crawls and analyzes websites including Flash content, SOAP and AJAX
k) Port scans web servers and performs security checks on web services running on the server
l) Website vulnerability files can be exported

AWVS menu bar, toolbar introduction

  Menu Bar

File → New → Web Site Scan: Create a new website scan
File → New → Web Site Crawl: Create a new website crawl
File → New → Web Services Scan: Create a new WSDL scan
Load Scan Results: Load a scan result
Save Scan Results: Save a scan result
Exit: Exit the program
Tools: See the tools in the main operating area
Configuration → Application Settings: Program settings
Configuration → Scan Settings: Scan settings
Configuration → Scanning Profiles: Settings for what a scan focuses on
Help → Check for Updates: Check for updates
Help → Application Directories → Data Directory: Data directory
Help → Application Directories → User Directory: User directory
Help → Application Directories → Scheduler Save Directory: Directory where scheduled tasks are saved
Help → Schedule Web Interface: Open the web-based scheduled task scanning interface
Help → Update License: Update the AWVS license information
Help → Acunetix Support → User Manual (html): User manual, HTML version
Help → Acunetix Support → User Manual (PDF): User manual, PDF version
Help → Acunetix Support → Acunetix home page: AWVS official website
Help → Acunetix Support → HTTP Status: Introduction to HTTP status codes

  Toolbar

From left to right they are (these can all be found in the main operating area, so the toolbar is not commonly used):

  New scan - website scan - website crawl - target search - target detection - subdomain scan - blind SQL injection - HTTP editor - HTTP sniffer - HTTP Fuzzer - authentication test - result comparison - WSDL scan - WSDL edit test - program settings - scan settings - scanning profiles - scheduled tasks - report

Introduction to basic functions of AWVS

Spider crawler function of AWVS

  Site Crawler

  Click Start to crawl the entered URL. Some pages require login, and some files cannot be crawled without logging in. In that case, select a working login sequence (login sequences are described in detail under Application Settings) so that the crawler logs in before crawling. The results can be saved as a cwl file for use in subsequent site scans.

AWVS Target Finder (target detection tool)

  Target Finder

Equivalent to an enhanced port and banner detection tool (for web penetration testing). Functions:

  1. Detects IPs that have specific ports open within a specified IP or IP range.
  2. After finding an IP, reads the banner of the port to identify the version of the web middleware running on it.
  3. You can specify an IP address range for port scanning (similar to Nmap), which can be used for information collection.
  4. After the port scan, service discovery is performed to identify the service on each port.

AWVS subdomain detection tool

  Subdomain Scanner

  Uses DNS for domain name resolution to find the subdomains under a domain name and their host names (for information collection). You can choose to use the DNS server configured by the operating system by default or a custom DNS server (Google: 8.8.8.8).

AWVS HTTP sniffing tool

  HTTP Sniffer

  Similar to the Burp Suite (BP) proxy. You must first set up the proxy (Application Settings->HTTP Sniffer); you can then intercept a request, modify it, and submit or discard it.
  You can also use the proxy function to crawl manually (save the log as an slg file and click Build structure from HTTP sniffer log on the Site Crawler page) to pick up files that automatic crawling cannot reach.

AWVS HTTP fuzz testing tool

  HTTP Fuzzer

  Similar to BP Intruder. It performs brute force cracking. Click + to select the type and click Insert to insert it.
Note: When inserting letters, select the range of letters and fill in the ASCII codes corresponding to the letters.

AWVS Basic Operations: Site Scanning (Key Points)

Create a scan project

The first step is Scan Type:
  As shown in Figure 5-2-1, first select New Scan (the first red box in the picture), then select the second red box in the pop-up window, enter the URL of the target website to be scanned in the input box, and click Next below. The blue box deserves an additional note: if we have crawled the target website with the crawler before, we can use the blue box to load the saved file and continue from it. In this experiment, however, this is the first time we crawl this website, so there is no need to use it.

Figure 5-2-1

Step 2: As shown in Figure 5-2-2, this interface lets us select attack modules. We can select different attack modules according to different requirements. Here we select Default and use the default module.

Figure 5-2-2

AWVS provides a total of 16 attack modules, as listed below:

Default: default, runs all detections
AcuSensor: Acunetix sensor mechanism, which can improve vulnerability review capabilities; files need to be installed on the website; currently for ASP.NET/PHP
Blind SQL Injection: blind SQL injection detection
CSRF: detection of cross-site request forgery
Directory_And_File_Checks: directory and file detection
Empty: does not use any detection
GHDB: detection using the Google hacking database
High Risk Alerts: high-risk alerts
Network Scripts: network script detection
Parameter Manipulations: parameter manipulation
Sql Injection: SQL injection detection
Text Search: text search
Weak Passwords: detection of weak passwords
Web Applications: web application detection
XSS: cross-site scripting detection
File Upload: detection of file upload vulnerabilities

If you want to adjust or modify the attack module, modify it according to the path Configuration >> Scanning Profiles, as shown in Figure 5-2-3:

Figure 5-2-3

Step 3:
  As shown in Figure 5-2-4, AWVS automatically identifies information about the target site and displays it on this page. You can also select the scripting language of the target website. If you don't know it, leave it unselected and just click Next.
The content in Target Information is:

base path: the root path of the scanning target
server banner: the banner of the service
target URL: the target url
operating system: the target operating system
webserver: the target web server

Figure 5-2-4

Step 4:
  As shown in Figure 5-2-5, fill in the login information as needed. If there is none, keep the default settings and click "Next".
PS: If the website requires login, you need to provide login information; otherwise, pages that can only be used after login cannot be scanned.

1) Use pre-recorded login sequence option, the first red circle:

In the yellow circle: You can directly open the built-in browser of AWVS and record the script to log in to the website under test.
In the blue circle: You can import the recorded login script.

2) Try to auto-login into the site option, the second red circle:

  You can directly enter the account name and password required to log in to the website, and then AWVS uses automatic detection technology to identify it, eliminating the need to manually enter the login process.
Because the website we are about to visit is a website that can be accessed without logging in directly, we will not go into details here.

Figure 5-2-5

Step 5:
  As shown in Figure 5-2-6, click Finish directly. After that, awvs will scan the target website, and then you need to wait patiently for the scan to complete.

Figure 5-2-6

Use awvs to detect scan results

 View scan results

  Figure 5-2-7 shows the scan results of the scan project "www.any.com" created in the previous section. Because the target website is large, a complete scan would take a long time, so this time the scan is paused when it reaches 10%, and the results so far are used to check the website's vulnerabilities. The pause button is Pause in the upper right corner of the interface. The picture shows the interface after clicking Pause, so Resume is displayed.

Figure 5-2-7

  After a successful pause, look at Figure 5-2-8. The interface is divided into three sections. The red box on the left shows the details of the vulnerabilities that have been discovered. The red box on the upper right shows the discovered high-, medium- and low-risk vulnerabilities and informational items. The colors also indicate severity: high-risk vulnerabilities are red, medium-risk vulnerabilities are yellow, low-risk vulnerabilities are blue, and green marks information with little harm. The red line in the lower right corner is the scan progress; our scan had only completed 10.23% when it was stopped.

Figure 5-2-8

Check scan results

  Verifying a vulnerability: As shown in Figure 5-2-9, we click on a vulnerability at random, then enter the URL underlined in red into the browser's address bar, as shown in Figure 5-2-10. As Figure 5-2-10 shows, the error message leaks the names of the database and data tables used by the system, which should be highly confidential information.

Figure 5-2-9

Figure 5-2-10
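The kind of database-name leak verified above can be rechecked automatically after a fix. The following is an added example, not part of the original article and not AWVS's own detection rules: the error signatures, URLs and response bodies are constructed for illustration.

```python
import re

# Signatures of verbose MySQL-style errors. These patterns are assumptions
# chosen for this example, not the rule set used by AWVS.
LEAK_PATTERNS = [
    # "Table 'db.table' doesn't exist" exposes database and table names
    re.compile(r"Table '(?P<db>\w+)\.(?P<table>\w+)' doesn't exist"),
    # "Unknown column 'x' in 'where clause'" exposes a column name
    re.compile(r"Unknown column '(?P<column>\w+)' in '[\w ]+'"),
    # Generic syntax error banner (no identifiers, but confirms raw errors)
    re.compile(r"You have an error in your SQL syntax"),
]

def find_leaks(body):
    """Return a list of (matched_text, leaked_fields) for one response body."""
    findings = []
    for pattern in LEAK_PATTERNS:
        for m in pattern.finditer(body):
            leaked = {k: v for k, v in m.groupdict().items() if v}
            findings.append((m.group(0), leaked))
    return findings

def audit(responses):
    """Map each URL to its findings; URLs with clean bodies are omitted."""
    report = {}
    for url, body in responses.items():
        hits = find_leaks(body)
        if hits:
            report[url] = hits
    return report

# Constructed sample responses (hypothetical URLs and bodies).
SAMPLE = {
    "/news.php?id=1": "Query failed: Table 'shopdb.news_items' doesn't exist",
    "/user.php?name=x": "Unknown column 'passwd' in 'where clause'",
    # What the page should return once raw errors are no longer shown:
    "/fixed.php?id=1": "An internal error occurred. Reference: 7f3a",
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLE).items():
        for text, leaked in hits:
            print(url, "->", text, leaked)
```

Running it over saved response bodies from your own site shows which pages still return raw database errors; a page that returns only a generic message with a reference id produces no finding.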

  Viewing the scanned website structure: As shown in Figure 5-2-11, pick any ordinary page, for example Site Structure→/→member→index.php, and select the first entry. In the information that appears in the right column, the page title in the second line is "Bailu's Space", so we initially guess that this is a user's personal space. From the status code 200 shown in the fifth line, it is inferred that login is possible. Therefore, copy the URL on the fourth line, open the browser, and paste the copied URL into the address bar.

Figure 5-2-11

  As can be seen from Figure 5-2-12, by entering the URL in the address bar, you can directly enter the user's "Bailu" space without logging in.

Figure 5-2-12
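The finding above, a member page that returns 200 without a login, is sketched here as a handler without a session check beside a corrected one, plus a check that replays crawled paths with no cookies. This is an added example, not code from the original article or the scanned site; the uid parameter, session token, login path and handler names are hypothetical.

```python
# Constructed session store; token and user names are hypothetical.
SESSIONS = {"tok-bailu": "bailu"}
PROTECTED_PREFIXES = ("/member/",)

def member_page_vulnerable(path, cookies):
    """Renders the space named in the URL without checking who is asking."""
    owner = path.rsplit("=", 1)[-1]
    return 200, f"{owner}'s Space"

def member_page_hardened(path, cookies):
    """Requires a valid session that belongs to the owner of the space."""
    owner = path.rsplit("=", 1)[-1]
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 302, "/login.php"      # not logged in: send to the login page
    if user != owner:
        return 403, "Forbidden"       # logged in, but not the owner
    return 200, f"{owner}'s Space"

def unauthenticated_exposures(handler, crawled_paths):
    """Replay crawled paths with no cookies; 200 on a protected path is a finding."""
    findings = []
    for path in crawled_paths:
        if path.startswith(PROTECTED_PREFIXES):
            status, _ = handler(path, {})
            if status == 200:
                findings.append(path)
    return findings

# Constructed crawl result, standing in for the scanner's site structure.
CRAWLED = [
    "/index.php",
    "/member/index.php?uid=bailu",
    "/member/index.php?uid=alice",
]

if __name__ == "__main__":
    print("vulnerable:", unauthenticated_exposures(member_page_vulnerable, CRAWLED))
    print("hardened:  ", unauthenticated_exposures(member_page_hardened, CRAWLED))
```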

Save scan results

  After the scan is completed (the results can only be saved once the whole scan has finished), the scan results can be saved. (Because the target website is large and the scan takes a long time, students can create a new scan for www.any.com/2.php instead, which completes very quickly, and then save the results of that scan. In the pictures in this lesson, I still use the website www.any.com.) Select File→Save Scan Results, as shown in Figure 5-2-13:

Figure 5-2-13

  After entering the file name, select Save. As shown in Figure 5-2-14:

Figure 5-2-14

Export scan report

  After the scan is completed, find the report in the toolbar, as shown in Figure 5-2-15:

Figure 5-2-15

  Then a preview of the scan report will appear, as shown in Figure 5-2-16. The red framed position is the preview of the scan report. Select the save button to save it.

Figure 5-2-16

  After entering the file name, select Save. As shown in Figure 5-2-17:

Acunetix WVS Site Scan (Experimental)

The first step is to start our environment and find the Acunetix wvs tool in the experimental tools.

In the second step, we click "New Scan" on the menu bar in the upper left corner, enter the URL: www.any.com, and click Next to enter Options.

In the third step, we keep the defaults all the way, click Next, and enter Target.

The scanning types in the Scanning profile are as follows. Users can also create new scanning types in Configuration >> Scanning profile in the left column of the main interface.

  There is only one Scan Settings entry by default, Default. Users can go to Configuration >> Scan Settings to create new scan settings, or click Customize next to it.

The fourth step is to view the information about the website to be scanned in the Target option. From top to bottom it shows: Base path (website root directory), Server banner (Apache, PHP version, OpenSSL version), Target URL (final target URL), Operating system (server OS), WebServer (server middleware). Continue to click Next to enter Login.

Step 5: Continue to click Next in the login option until Finish appears, click Finish to start scanning.

Step six, we can see that the site scan is in progress.

  After the scan is completed, we open a vulnerability record. After clicking it, the vulnerability details appear in the left part, including the vulnerability introduction, the site vulnerability description, the vulnerability number and related information. Right-clicking the vulnerable site gives five options: edit in HTTP Editor; output to HTTP Fuzzer for fuzz testing; output to Blind SQL Injector for injection testing (this option is only available for SQL injection vulnerabilities and is otherwise grayed out); retry the test; and mark the alert as a false positive. Below is the operation log, where you can see the words "stop scanning".

  Scroll down in the left half to see the website directory. Select a web page and its information is displayed on the right side, from top to bottom: file name, web page title, page file directory, URL, HTTP status code, whether the page should be scanned, content type (text in the picture), discovered location (Discovered from), link depth (which directory level under the website root), page status, and detected application (Detected application). At the bottom right, we can also view the Referers, HTTP request headers, input variables, source code, etc. of the web page. Right-clicking the web page on the left opens a menu with these options: copy the location to the clipboard, open the web page in the browser, edit in HTTP Editor, output to HTTP Fuzzer for fuzz testing, and find the HTTP status code.


Origin blog.csdn.net/hdwlwang/article/details/130409863