Taipan - Web Application Security Scanner

2018-03-18T21:25:16
ID KITPLOIT:4985908317145289474
Type kitploit
Reporter KitPloit
Modified 2018-03-18T21:25:16

Description

_ Taipan _ is a an automated web application scanner which allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which include other components, like a web dashboard where you can manage your scan or download a PDF report and a scanner agent to run on specific host. Below are some screenshots of the _ Taipan _ dashboard:

If you are interested in trying the full product, you can contact: aparata[AT]gmail.com
Download

Using Taipan
_ Taipan _ can run on both Windows (natively) and Linux (with mono). To run it in Linux you have to install mono in version >= 4.8.0. You can track the implementation of the new features in the related Kanban board .

Scan Profile
_ Taipan _ allow to scan the given web site by specify different kind of profiles. Each profile enable or disable a specific scan feature, to show all the available profile just run _ Taipan _ with the _ --show-profiles _ option.

Scan/Stop/Pause a scan
During a scan you can interact with it by set the scan in Pause or Stop it if necessary. In order to do so you have to press:

  • P: pause the scan
  • S: stop the scan
  • R: resume a paused scan The state change is not immediate and you have to wait until all threads have reached the desider state.

Launch a scan
To launch a new scan you have to provide the _ url _ and the _ profile _ which must be used. It is not necessary to specify the full profile name, a prefix is enough. Below an example of execution:

Taipan Components
_ Taipan _ is composed of four main components:

  • Web Application fingerprinter: it inspects the given application in order to identify if it is a COTS application. If so, it extracts the identified version.
  • Hidden Resource Discovery: this component scans the application in order to identify resources that are not directly navigable or that shouldn't be accessed, like secret pages or test pages.
  • Crawler: This component navigates the web site in order to provide to the other components a list of pages to analyze. It allows to mutate the request in order to find not so common pathes.
  • Vulnerability Scanner: this component probes the web application and tries to identify possible vulnerabilities. It is composed of various AddOn in order to easily expand its Knowledge Base.

Download Taipan