5315 matches found
server_header
This plugin GETs the server header and saves the result to the knowledge base. Nothing strange, just do a GET request to the url and save the server headers to the kb. A smarter way to check the server type is with the hmap plugin. Plugin type Infrastructure Options This plugin doesnt have any us...
mx_injection
This plugin will find MX injections. This kind of web application errors are mostly seen in webmail software. The tests are simple, for every injectable parameter a string with special meaning in the mail server is sent, and if in the response I find a mail server error, a vulnerability was found...
ssn
This plugins scans every response page to find the strings that are likely to be the US social security numbers. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to...
import_results
This plugin serves as an entry point for the results of other tools that identify URLs. The plugin reads from different input files and directories and creates the fuzzable requests which are needed by the audit plugins. Two configurable parameter exist: inputcsv inputburp One or more of these ne...
feeds
This plugin greps every page and finds rss, atom, opml feeds on them. This may be usefull for determining the feed generator and with that, the framework being used. Also this will be helpful for testing feed injection. Plugin type Grep Options This plugin doesnt have any user configured options...
hash_analysis
This plugin identifies hashes in HTTP responses. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin source code...
phishtank
This plugin searches the domain being tested in the phishtank database. If your site is in this database the chances are that you were hacked and your server is now being used in phishing attacks. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For more...
hmap
This plugin fingerprints the remote web server and tries to determine the server type, version and patch level. It uses fingerprinting, not just the Server header returned by remote server. This plugin is a wrapper for Dustin Lees hmap. One configurable parameters exist: genFpF If genFpF is set t...
generic
This plugin finds all kind of bugs without using a fixed database of errors. This is a new kind of methodology that solves the main problem of most web application security scanners. Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- diffratio | float |...
csv_file
This plugin exports all identified vulnerabilities and informations to the given CSV file. One configurable parameter exists: outputfile Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- outputfile | outputfile | output-w3af.csv | The name of the outp...
http_auth_detect
This plugin greps every page and finds responses that indicate that the resource requires authentication. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understa...
blind_sqli
This plugin finds blind SQL injections using two techniques: time delays and true/false response comparison. Only one configurable parameters exists: eqlimit Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- eqlimit | float | 0.9 | String equal ratio 0...
error_pages
This plugin scans every page for error pages, and if possible extracts the web server or programming framework information. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the sourc...
shift_out_in_between_dots
This evasion plugin insert between dots shift-in and shift-out control characters which are cancelled each other when they are below so some ".." filters are bypassed Example: Input: ../../etc/passwd Output: .%0E%0F./.%0E%0F./etc/passwd Plugin type Evasion Options This plugin doesnt have any user...
dom_xss
This plugin greps every page for traces of DOM XSS. An interesting paper about DOM XSS can be found here: http://www.webappsec.org/projects/articles/071105.shtml Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the...
user_defined_regex
This plugin greps every response for a user defined regex. You can specify a single regex or an entire file of regexes each line one regex, if both are specified, the singleregex will be added to the list of regular expressions extracted from the file. A list of example regular expressions can be...
strange_http_codes
Analyze HTTP response codes sent by the remote web application and report uncommon findings. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly...
favicon_identification
This plugin identifies software version using favicon.ico file. It checks MD5 of favicon against the MD5 database of favicons. See also: http://www.owasp.org/index.php/Category:OWASPFaviconDatabaseProject http://kost.com.hr/favicon.php Plugin type Infrastructure Options This plugin doesnt have an...
robots_txt
This plugin searches for the robots.txt file, and parses it. This file is used to as an ACL that defines what URLs a search engine can access. By parsing this file, you can get more information about the target web application. Plugin type Crawl Options This plugin doesnt have any user configured...
strange_headers
This plugin greps all headers for non-common headers. This could be useful to identify special modules and features added to the server. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres...