5327 matches found
password_profiling
This plugin creates a list of possible passwords by reading responses and counting the most common words. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understa...
os_commanding
This plugin will find OS commanding vulnerabilities. The detection is performed using two different techniques: Time delays Writing a known file to the HTML output With time delays, the plugin sends specially crafted requests that, if the vulnerability is present, will delay the response for 5...
wsdl_greper
This plugin greps every page for WSDL definitions. Not all wsdls are found appending "?WSDL" to the url like crawl.wsdlfinder plugin does, this grep plugin will find some wsdls that arent found by the crawl plugin. Plugin type Grep Options This plugin doesnt have any user configured options. Sour...
halberd
This plugin tries to find if an HTTP Load balancer is present. Plugin type Infrastructure Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood:...
url_session
This plugin finds URLs which contain a parameter that stores the session ID. This configuration leaves the session id exposed in browser and server logs, and is also leaked through the HTTP referrer header. Plugin type Grep Options This plugin doesnt have any user configured options. Source For...
xssed_dot_com
This plugin searches the xssed.com database and parses the result. The information stored in that database is useful to know about previous XSS vulnerabilities in the target website. Plugin type Infrastructure Options This plugin doesnt have any user configured options. Source For more informatio...
archive_dot_org
This plugin does a search in archive.org and parses the results. It then uses the results to find new URLs in the target site. This plugin is a time machine ! Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- maxdepth | integer | 3 | Maximum recursion...
phishing_vector
This plugins finds phishing vectors in web applications, for example, a bug of this type is found if I request the URL "http://site.tld/asd.asp?info=http://attacker.tld" and in the response HTML the web application sends: … iframe src="http://attacker.tld" …. Plugin type Audit Options This plugin...
ldapi
This plugin will find LDAP injections by sending a specially crafted string to every parameter and analyzing the response for LDAP errors. Plugin type Audit Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres...
form_autocomplete
This plugin greps every page for autocomplete-able forms containing password-type inputs. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats...
code_disclosure
This plugin greps every page in order to find code disclosures. Basically it greps for ?.? and %.% using the re module and reports findings. Code disclosures are usually generated due to web server misconfigurations, or wierd web application "features". Plugin type Grep Options This plugin doesnt...
sqli
This plugin finds SQL injections. To find this vulnerabilities the plugin sends the string dz"0 to every injection point, and searches for SQL errors in the response body. Plugin type Audit Options This plugin doesnt have any user configured options. Source For more information about this plugin...
server_header
This plugin GETs the server header and saves the result to the knowledge base. Nothing strange, just do a GET request to the url and save the server headers to the kb. A smarter way to check the server type is with the hmap plugin. Plugin type Infrastructure Options This plugin doesnt have any us...
mx_injection
This plugin will find MX injections. This kind of web application errors are mostly seen in webmail software. The tests are simple, for every injectable parameter a string with special meaning in the mail server is sent, and if in the response I find a mail server error, a vulnerability was found...
ssn
This plugins scans every response page to find the strings that are likely to be the US social security numbers. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to...
feeds
This plugin greps every page and finds rss, atom, opml feeds on them. This may be usefull for determining the feed generator and with that, the framework being used. Also this will be helpful for testing feed injection. Plugin type Grep Options This plugin doesnt have any user configured options...
hash_analysis
This plugin identifies hashes in HTTP responses. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin source code...
hmap
This plugin fingerprints the remote web server and tries to determine the server type, version and patch level. It uses fingerprinting, not just the Server header returned by remote server. This plugin is a wrapper for Dustin Lees hmap. One configurable parameters exist: genFpF If genFpF is set t...
generic
This plugin finds all kind of bugs without using a fixed database of errors. This is a new kind of methodology that solves the main problem of most web application security scanners. Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- diffratio | float |...
csv_file
This plugin exports all identified vulnerabilities and informations to the given CSV file. One configurable parameter exists: outputfile Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- outputfile | outputfile | output-w3af.csv | The name of the outp...