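Web Application Vulnerability Scanner: WebVulScan
WebVulScan is a web application vulnerability scanner. It is written in PHP and can be used to test remote or local web applications for security vulnerabilities. When a scan completes, the detailed results can be emailed to the user; the report lists the location of each vulnerability and a recommendation for it, along with details of how each vulnerability can be exploited.
WebVulScan tests for the following vulnerabilities: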
- Reflected Cross-Site Scripting
- Stored Cross-Site Scripting
- Standard SQL Injection
- Broken Authentication using SQL Injection
- Autocomplete Enabled on Password Fields
- Potentially Insecure Direct Object References
- Directory Listing Enabled
- HTTP Banner Disclosure
- SSL Certificate not Trusted
- Unvalidated Redirects
It provides the following features:
- Crawler: Crawls a website to identify and display all URLs belonging to the website.
- Scanner: Crawls a website and scans all URLs found for vulnerabilities.
- Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
- Register: Allows a user to register with the web application.
- Login: Allows a user to log in to the web application.
- Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
- PDF Generation: Dynamically generates a detailed PDF report.
- Report Delivery: The PDF report is emailed to the user as an attachment.
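This article was uploaded and shared by user jopen for study and discussion only. Ownership remains with the original author; if your rights have been infringed, please contact the administrator.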