Web应用程序漏洞扫描器 Webvulscan

jopen 13年前

WebVulScan是一个Web应用程序漏洞扫描器。它是基于PHP编写的。可以用来测试远程或本地的Web应用程序的安全漏洞。扫描完成后,可以通过电子邮件将详细的扫描结果发送给用户,该报告包含了漏洞的地址和建议,以及如何利用每一个漏洞的细节。

WebVulScan测试的漏洞包含如下:
反射性跨站
存储型跨站
SQL注入
不正常的身份验证使用SQL注入
启用自动填充的密码字段
潜在不安全的直接对象引用
遍历目录
SSL证书不被信任
未经验证的重定向

  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • Standard SQL Injection
  • Broken Authentication using SQL Injection
  • Autocomplete Enabled on Password Fields
  • Potentially Insecure Direct Object References
  • Directory Listing Enabled
  • HTTP Banner Disclosure
  • SSL Certificate not Trusted
  • Unvalidated Redirects
WebVul特点:
  • Crawler: Crawls a website to identify and display all URLs belonging to the website.
  • Scanner: Crawls a website and scans all URLs found for vulnerabilities.
  • Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
  • Register: Allows a user to register with the web application.
  • Login: Allows a user to login to the web application.
  • Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
  • PDF Generation: Dynamically generates a detailed PDF report.
  • Report Delivery: The PDF report is emailed to the user as an attachment.

项目主页:http://www.open-open.com/lib/view/home/1337693327136