full_width_encode
This evasion plugin does full width encoding as described here: http://www.kb.cert.org/vuls/id/739224 Example: Input: /bar/foo.asp Output: /b%uFF61r/%uFF66oo.asp Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the...
sqli
This plugin finds SQL injections. To find these vulnerabilities, the plugin sends the string dz"0 to every injection point and searches for SQL errors in the response body. Plugin type: Audit. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin...
credit_cards
This plugin scans every response page to find strings that are likely to be credit card numbers. It can be tested against the following URL: https://www.paypal.com/enUS/vhelp/paypalmanagerhelp/creditcardnumbers.htm Plugin type: Grep. Options: This plugin doesn't have any user configured options...
lang
This plugin reads N pages and determines the language the site is written in. This is done by saving a list of prepositions in different languages and counting the number of matches on every page. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more...
wsdl_greper
This plugin greps every page for WSDL definitions. Not all WSDLs are found by appending "?WSDL" to the URL like the crawl.wsdlfinder plugin does; this grep plugin will find some WSDLs that aren't found by the crawl plugin. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Sour...
find_jboss
This plugin identifies JBoss installation directories and possible security vulnerabilities. Plugin type: Infrastructure. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand...
response_splitting
This plugin will find response splitting vulnerabilities. The detection is done by sending "w3af\r\nVulnerable: Yes" to every injection point and reading the response headers, searching for a header with name "Vulnerable" and value "Yes". Plugin type: Audit. Options: This plugin doesn't have any user...
http_in_body
This plugin searches for HTTP responses that contain other HTTP requests/responses in their response body. This situation is mostly seen when programmers enable some kind of debugging for the web application and print the original request in the response HTML as a comment. Plugin type: Grep. Option...
rnd_path
This evasion plugin adds a random path to the URI. Example: Input: /bar/foo.asp Output: /aflsasfasfkn/../bar/foo.asp Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source...
oracle
This plugin greps every page for Oracle messages, versions, etc. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood: Plugin...
cache_control
This plugin analyzes every HTTPS response and reports instances of incorrect cache control which might lead the user's browser to cache sensitive contents on their system. The expected headers for HTTPS responses are: Pragma: No-cache and Cache-control: No-store. Plugin type: Grep. Options: This plugin...
analyze_cookies
This plugin greps every response for session cookies that the web application sends to the client, and analyzes them in order to identify potential vulnerabilities, the remote web application framework and other interesting information. Plugin type: Grep. Options: This plugin doesn't have any user...
sed
This plugin is a stream editor for web requests and responses. Three configurable parameters exist: priority, expressions, fixContentLen. Stream edition expressions are strings that tell the sed plugin what to change. The sed plugin uses regular expressions; some examples: qh/User/NotLuser/ This will ma...
xss_protection_header
This plugin detects insecure usage of the "X-XSS-Protection" header as explained in the MSDN blog article "Controlling the XSS Filter". Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's alwa...
import_results
This plugin serves as an entry point for the results of other tools that identify URLs. The plugin reads from different input files and directories and creates the fuzzable requests which are needed by the audit plugins. Two configurable parameters exist: inputcsv, inputburp. One or more of these ne...
favicon_identification
This plugin identifies the software version using the favicon.ico file. It checks the MD5 of the favicon against the MD5 database of favicons. See also: http://www.owasp.org/index.php/Category:OWASPFaviconDatabaseProject http://kost.com.hr/favicon.php Plugin type: Infrastructure. Options: This plugin doesn't have an...
rnd_case
This evasion plugin changes the case of random letters. Example: Input: /bar/foo.asp Output: /BAr/foO.Asp Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to...
feeds
This plugin greps every page and finds RSS, Atom and OPML feeds on them. This may be useful for determining the feed generator and, with that, the framework being used. It is also helpful for testing feed injection. Plugin type: Grep. Options: This plugin doesn't have any user configured options...
shared_hosting
This plugin tries to find out if the web application under test is hosted on shared hosting. The procedure is pretty simple: using the Bing search engine, the plugin searches for "ip:1.2.3.4", where 1.2.3.4 is the IP address of the web server. One configurable option exists: resultlimit Fetch the fir...
http_vs_https_dist
This plugin analyzes the network distance between the HTTP and HTTPS ports, giving a detailed report of the traversed hosts in transit to target:port. You should have root/admin privileges in order to run this plugin successfully. Explicitly declared ports on the entered target override those...