
w3af
added 2013/06/10 11:2 p.m., 21 views

xss_protection_header

This plugin detects insecure usage of the "X-XSS-Protection" header as explained in the MSDN blog article "Controlling the XSS Filter". Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's alwa...

AI score: 0.3
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 7 views

import_results

This plugin serves as an entry point for the results of other tools that identify URLs. The plugin reads from different input files and directories and creates the fuzzable requests which are needed by the audit plugins. Two configurable parameters exist: inputcsv inputburp One or more of these ne...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 8 views

favicon_identification

This plugin identifies the software version using the favicon.ico file. It checks the MD5 of the favicon against the MD5 database of favicons. See also: http://www.owasp.org/index.php/Category:OWASPFaviconDatabaseProject http://kost.com.hr/favicon.php Plugin type Infrastructure Options This plugin doesn't have an...

AI score: 7.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 14 views

rnd_case

This evasion plugin changes the case of random letters. Example: Input: /bar/foo.asp Output: /BAr/foO.Asp Plugin type Evasion Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code to...

AI score: 7.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 12 views

feeds

This plugin greps every page and finds RSS, Atom and OPML feeds on them. This may be useful for determining the feed generator and, with that, the framework being used. It will also be helpful for testing feed injection. Plugin type Grep Options This plugin doesn't have any user configured options...

AI score: 7.5
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 15 views

shared_hosting

This plugin tries to find out if the web application under test is hosted on shared hosting. The procedure is pretty simple: using the Bing search engine, the plugin searches for "ip:1.2.3.4", where 1.2.3.4 is the IP address of the web server. One configurable option exists: resultlimit Fetch the fir...

AI score: 6.9
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 16 views

http_vs_https_dist

This plugin analyzes the network distance between the HTTP and HTTPS ports, giving a detailed report of the hosts traversed in transit to target:port. You should have root/admin privileges in order to run this plugin successfully. Explicitly declared ports on the entered target override those...

AI score: 7.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 20 views

motw

This plugin will specify whether the page is compliant with the MOTW standard. The standard is explained in: http://msdn2.microsoft.com/en-us/library/ms537628.aspx This plugin tests if the length of the URL specified by "XYZW" is lower than, equal to or greater than the length of the URL; and also...

AI score: 7.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 8 views

code_disclosure

This plugin greps every page in order to find code disclosures. Basically it greps for ?.? and %.% using the re module and reports findings. Code disclosures are usually generated due to web server misconfigurations, or weird web application "features". Plugin type Grep Options This plugin doesn't...

AI score: 7.4
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 11 views

url_session

This plugin finds URLs which contain a parameter that stores the session ID. This configuration leaves the session ID exposed in browser and server logs, and it is also leaked through the HTTP referrer header. Plugin type Grep Options This plugin doesn't have any user configured options. Source For...

AI score: 0.3
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 24 views

finger_pks

This plugin finds mail addresses in PGP PKS servers. Plugin type Infrastructure Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood: Plugin...

AI score: 0.3
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 24 views

generic

This authentication plugin can log in to a web application with a generic authentication schema. Seven configurable parameters exist: username password usernamefield passwordfield authurl checkurl checkstring Plugin type Auth Options Name | Type | Default Value | Description | Help ---|---|---|---|---...

AI score: 7.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 16 views

content_negotiation

This plugin uses HTTP content negotiation to find new resources. The plugin has three distinctive phases: Identify if the web server has content negotiation enabled. For every resource found by any other plugin, perform a request to find new related resources. For example, if another plugin finds...

AI score: 7.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 48 views

xpath

This plugin finds XPATH injections. To find these vulnerabilities the plugin sends the string "dz0" to every injection point, and searches the response for XPATH errors. Plugin type Audit Options This plugin doesn't have any user configured options. Source For more information about this plugin and...

AI score: 7.6
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 7 views

file_upload

This plugin greps every page for forms with file upload capabilities. Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood:...

AI score: 0.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 15 views

server_header

This plugin GETs the server header and saves the result to the knowledge base. Nothing strange: it just does a GET request to the URL and saves the server headers to the kb. A smarter way to check the server type is with the hmap plugin. Plugin type Infrastructure Options This plugin doesn't have any us...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 15 views

private_ip

This plugin greps every page body and headers for private IP addresses. Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood:...

AI score: 0.3
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 32 views

pykto

This plugin is a Nikto port to Python. It uses the scandatabase file from Nikto to search for new and vulnerable URLs. The following configurable parameters exist: cgidirs admindirs nukedirs extradbfile mutatetests This plugin reads every line in the scandatabase and extradbfile and, based on the...

AI score: 0.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 14 views

get_emails

This plugin greps every page for emails; these can be used in other places, like bruteforce plugins, and are of great value when doing a complete information security assessment. Plugin type Grep Options Name | Type | Default Value | Description | Help ---|---|---|---|--- onlytargetdomain | boole...

AI score: 7.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 29 views

csv_file

This plugin exports all identified vulnerabilities and information to the given CSV file. One configurable parameter exists: outputfile Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- outputfile | outputfile | output-w3af.csv | The name of the outp...

Exploits: 0