WebVulScan - Web Application Vulnerability Scanner
WebVulScan is a web application vulnerability scanner that can be used to test remote, or local, web applications for security issues. This tool is actually a web application itself.
Features:
- Crawler: Crawls a website to identify and display all URLs belonging to the website.
- Scanner: Crawls a website and scans all URLs found for vulnerabilities.
- Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
- Register: Allows a user to register with the web application.
- Login: Allows a user to login to the web application.
- Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
- PDF Generation: Dynamically generates a detailed PDF report.
- Report Delivery: The PDF report is emailed to the user as an attachment.
- Reflected Cross-Site Scripting
- Stored Cross-Site Scripting
- Standard SQL Injection
- Broken Authentication using SQL Injection
- Autocomplete Enabled on Password Fields
- Potentially Insecure Direct Object References
- Directory Listing Enabled
- HTTP Banner Disclosure
- SSL Certificate not Trusted
- Unvalidated Redirects
It requires the following:
- A web server capable of running PHP web applications such as Apache.
- MySQL.
- PHP.
How To Deploy WebVulScan
First, download WebVulScan, and place the folder containing the source code into the folder that your web server looks for to serve on your domain. In Apache this is the "htdocs" folder.
Then, using your browser, request "localhost/webvulscan_vx.xx", where "webvulscan_vx.xx" is the folder containing the source code, and you will be brought to the homepage of the web application vulnerability scanner.
Now, import the database named "webvulscan.sql", which is contained in the source code folder into your MySQL database.
Note: The database credentials that the scanner is using are the "root" user with no password.
If you want to change this it can be edited in "webvulscan_vx.xx/ scanner/ functions/ databaseFunctions.php" in the connectToDb() function. The second and third parameter passed into the mysqli constructor are the username and password of a MySQL database user. e.g. "root" and "".
For whatever user you are using in the connectToDb() function, you must ensure there is a corresponding database user in the database and they have sufficient privileges to read/write from/to the webvulscan database.
If you are running this on Linux, you must ensure the application has permissions to write to the logs folders and the reports folder.
- This can be done using the "chmod” command.
- Using the terminal, cd (change directory) to the "crawler" folder and enter "sudo chmod -R 777 logs/".
- Then cd to the "scanner" folder and enter "sudo chmod -R 777 logs/".
- Also, when in the scanner folder, enter "sudo chmod -R 777 reports/".
If users are to receive PDF reports by email, PHP’s mail() function must be able to send emails. If you do not have email functionality setup on your web server, this step will guide you on how to route the emails through a Gmail account. This is not an essential requirement as users can view and download PDF reports using the scan history feature.
- Setting up an email server can be quite complex and time consuming so a simpler solution is to use Gmail. A Gmail account can be used by the web application to send emails from.
- Visit gmail.com and create an account. Users of the web application will then receive scan reports from this email address. Take note of your email address and password.
- Now the application "sendmail", with TLS support, must be installed and configured to route outgoing emails through the Gmail account. The sendmail zip file can be downloaded here: http://www.glob.com.au/sendmail/sendmail.zip
- Once sendmail is installed, open the sendmail.ini file. You need to change the settings to the following:
- smtp_server=smtp.gmail.com
- smtp_port=587
- smtp_ssl=auto
- error_logfile=error.log
- auth_username=youremail@gmail.com
- auth_password=yourpassword
- pop3_server=
- pop3_username=
- pop3_password=
- force_sender= youremail@gmail.com
- force_recipient=
- hostname=
- Under the "[mail function]" section, comment everything out in that section, using a semi colon, apart from "sendmail_path" and "mail.add_x_header".
- Therefore you should probably have to comment out "SMTP = ..." and "smtp_port = ..." and you should have to uncomment "sendmail_path = ...".
- Set "sendmail_path" equal to the location of your sendmail.exe file (e.g. "\"C:\xampp\sendmail\sendmail.exe\" -t") if it is not already set to that.
- Set "mail.add_x_header" equal to Off if it is not already set to Off.
- Save php.ini
Other PHP settings also need to be configured by editing the php.ini file.
- Memory_limit is set equal to 128M, you may need to change this to a higher value if you are running multiple scans simultaneously.
- You need to enable the "curl" and "openssl" extensions. Under the Extensions section, ensure "extension=php_curl.dll" and "extension=php_openssl.dll" are there and are not commented out. If they are not there, add them. If they are there and are commented out by a semi colon in front of them, remove the semi colon to uncomment them.
Now restart the web server.
The scanner should now be ready for use. Here is how to use it:
- Access the scanner and register a user by selecting the Register tab and entering a user's details.
- Login as the user by selecting the Login tab and entering an email address and password.
- To crawl a website and display all URLs belonging to the website, select the Crawler tab, enter a URL to crawl and click "Start Crawl".
- To scan a website, select the Scanner tab, enter a URL to scan and click "Start Scan".
Source: www.effecthacking.com
WebVulScan - Web Application Vulnerability Scanner
Reviewed by Anonymous
on
7:11 AM
Rating: