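Repost: WebCruiser Web Vulnerability Scanner 3.1.0 Review

WebCruiser is a lightweight scanner for high-risk web vulnerabilities. Compared with other, larger scanners, its typical characteristic is that it scans only for high-risk vulnerabilities, and it can be limited to specified vulnerability types, specified URLs, or specified pages. It can of course also scan an entire site. Starting with version 3.1.0, it has been evaluated against WAVSEP (scanner evaluation) v1.5 and covers 100% of the SQL injection and cross-site scripting test cases.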

WebCruiser Web Vulnerability Scanner 3.1.0 Test Report

1.  Test Report

1.1. SQL Injection Test Report


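| Input Vector | Test Cases | Cases Count | Report | Pass Rate |
| --- | --- | --- | --- | --- |
| GET Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
| GET Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
| GET Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
| GET Input Vector | Identical 200 Responses | 8 | 8 | 100% |
| POST Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
| POST Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
| POST Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
| POST Input Vector | Identical 200 Responses | 8 | 8 | 100% |
| GET Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |
| POST Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |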

1.2. XSS Test Report


| Input Vector | Test Cases | Cases Count | Report | Pass Rate |
| --- | --- | --- | --- | --- |
| GET Input Vector | ReflectedXSS | 32 | 32 | 100% |
| POST Input Vector | ReflectedXSS | 32 | 32 | 100% |
| Cookie Input Vector - Experimental | ReflectedXSS | 1 | 1 | 100% |
| GET Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100% |
| POST Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100% |
| GET Input Vector - Experimental | DomXSS | 4 | 4 | 100% |

1.3. LFI Test Report


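| Input Vector | Test Cases | Cases Count | Report | Pass Rate |
| --- | --- | --- | --- | --- |
| GET Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
| GET Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
| GET Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
| GET Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
| GET Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
| GET Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |
| POST Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
| POST Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
| POST Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
| POST Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
| POST Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
| POST Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |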

1.4. RFI Test Report


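| Input Vector | Test Cases | Cases Count | Report | Pass Rate |
| --- | --- | --- | --- | --- |
| GET Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
| GET Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
| GET Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
| GET Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
| GET Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
| GET Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |
| POST Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
| POST Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
| POST Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
| POST Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
| POST Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
| POST Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |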

1.5. Redirect Test Report


| Input Vector | Test Cases | Cases Count | Report | Pass Rate |
| --- | --- | --- | --- | --- |
| GET Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
| GET Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |
| POST Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
| POST Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |

1.6. False Positive Test Report


| False Vuln | Test Cases | Cases Count | Report | Pass Rate |
| --- | --- | --- | --- | --- |
| SQL Injection | False Positive | 10 | 0 | 100% |
| XSS | False Positive | 7 | 0 | 100% |

2.  Test Environment

2.1. Product and Test Cases

WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5

WAVSEP Environment: Windows 8.1 + XAMPP (Tomcat + MySQL)

WebCruiser Web Vulnerability Scanner Enterprise Edition V3.1.0

2.2. Test Scope

This test report includes the following vulnerabilities:

  • SQL Injection
  • Cross-site Scripting (XSS)
  • LFI (Local File Inclusion)
  • RFI (Remote File Inclusion)
  • Redirect

Other test cases are not included.

2.3. Test Method

To get the test results quickly, we use a new feature of WebCruiser Web Vulnerability Scanner called “Scan Page”, which scans all links in a page at one time. This function requires that the links be located under the same directory or a subdirectory; links under other directories are skipped.

When starting a new page scan, click “Reset Scanner” to clear the previous result, navigate to the new page, and then click “ScanPage”.

For the original test report, see: http://www.janusec.com/download/WebCruiser_Web_Vulnerability_Scanner_Test_Report.pdf

Time: 2024-10-12 13:57:07
