
5335 matches found

w3af
added 2013/06/10 11:2 p.m., 21 views

rnd_hex_encode

This evasion plugin adds random hex encoding. Example: Input: /bar/foo.asp Output: /b%61r/%66oo.asp Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 50 views

error_pages

This plugin scans every page for error pages and, if possible, extracts the web server or programming framework information. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the sourc...

AI score: 0.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 57 views

ssl_certificate

This plugin audits SSL certificate parameters. One configurable parameter exists: minExpireDays, CA PEM file path. Note: It's only useful when testing HTTPS sites. Plugin type: Audit. Options:

Name | Type | Default Value | Description | Help
---|---|---|---|---
minExpireDays | integer | 30 | Set minim...

AI score: 7.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 22 views

http_auth_detect

This plugin greps every page and finds responses that indicate that the resource requires authentication. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understa...

AI score: 0.3
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 21 views

halberd

This plugin tries to find out whether an HTTP load balancer is present. Plugin type: Infrastructure. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood:...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 23 views

wordnet

This plugin finds new URLs using wn. An example is the best way to explain what this plugin does. Let's suppose that the input for this plugin is: http://a/index.asp?color=blue The plugin will search the wordnet database for words that are related to "blue", and return for example: "black" and...

AI score: 7.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 33 views

strange_headers

This plugin greps all headers for non-common headers. This could be useful to identify special modules and features added to the server. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 15 views

ssi

This plugin finds server side include (SSI) vulnerabilities. Plugin type: Audit. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood: Plugin source...

AI score: 0.3
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 33 views

svn_users

This plugin greps every page for users of the versioning system. Sometimes the HTML pages are versioned using CVS or SVN; if the header of the versioning system is saved as a comment in the page, the user that edited the page will be saved in that header and will be added to the knowledge base...

AI score: 7
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 20 views

redos

This plugin finds ReDoS (regular expression DoS) vulnerabilities as explained here: http://en.wikipedia.org/wiki/ReDoS Plugin type: Audit. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code...

AI score: 0.4
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 34 views

dot_net_event_validation

ASP.NET implements a method to verify that every postback comes from the corresponding control, which is called EventValidation. In some cases the developers disable this kind of verification by adding EnableEventValidation="false" to the .aspx file header, or in the web.config or system.config...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 19 views

rnd_param

This evasion plugin adds a random parameter. Example: Input: /bar/foo.asp Output: /bar/foo.asp?alsfkj=f09 Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to...

AI score: 0.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 17 views

detect_transparent_proxy

This plugin tries to detect transparent proxies. The procedure for detecting transparent proxies is simple: I try to connect to a series of IP addresses on port 80; if all of them return an open socket, then it's the proxy server responding. Plugin type: Infrastructure. Options: This plugin...

AI score: 7.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 13 views

digit_sum

This plugin tries to find new URLs by changing the numbers that are present in them. Two configurable parameters exist: fuzzImages, maxDigitSections. An example will clarify what this plugin does. Let's suppose that the input for this plugin is: http://host.tld/index1.asp This plugin will request:...

AI score: 7.4
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 8 views

export_requests

This plugin exports all discovered HTTP requests (URL, Method, Params) to the given file (CSV), which can then be imported in another scan by using the crawl.importresults. One configurable parameter exists: outputfile. Plugin type: Output. Options: Name | Type | Default Value | Description | Help...

AI score: 0.1
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 28 views

path_disclosure

This plugin greps every page for path disclosure vulnerabilities like: C:\www\files\… /var/www/htdocs/… The results are saved to the KB, and used by all the plugins that need to know the location of a file inside the remote web server. Plugin type: Grep. Options: This plugin doesn't have any user...

AI score: 7.4
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 31 views

console

This plugin writes the framework messages to the console. One configurable parameter exists: verbose. Plugin type: Output. Options:

Name | Type | Default Value | Description | Help
---|---|---|---|---
verbose | boolean | False | Enables verbose output for the console | No detailed help available

Sour...

AI score: 0.2
Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 63 views

ldapi

This plugin will find LDAP injections by sending a specially crafted string to every parameter and analyzing the response for LDAP errors. Plugin type: Audit. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 41 views

xst

This plugin finds the Cross Site Tracing (XST) vulnerability. No configurable parameters are available. The TRACE method echoes back requests sent to it. This plugin sends a TRACE request to the server and if the request is echoed back then XST is confirmed. Plugin type: Audit. Options: This plugin...

Exploits: 0
w3af
added 2013/06/10 11:2 p.m., 26 views

generic

This plugin finds all kinds of bugs without using a fixed database of errors. This is a new kind of methodology that solves the main problem of most web application security scanners. Plugin type: Audit. Options:

Name | Type | Default Value | Description | Help
---|---|---|---|---
diffratio | float |...

AI score: 7.3
Exploits: 0