Web vulnerability scanners

I'll only consider free or "semi"-free tools.

Vega

Vega is a free and open-source web security scanning tool and testing platform designed to evaluate the security of web applications. It assists in the identification and validation of vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), inadvertent data disclosure, and more. Vega is built in Java, offers a user-friendly GUI, and is compatible with Linux, OS X, and Windows.

  1. Access the "Scan" option in the menu bar and choose "Start New Scan" from the available selections.

  2. The "Select a Scan Target" window will appear on the screen. Make sure the "Enter a base URI for scan" radio button is selected within the "Scan Target" section.

  3. In the "Enter a base URI for scan" field, input the target URL as follows: "http://<Target IP>:<PORT><path>"

  4. The "Select Modules" wizard will open. Double-click on both checkboxes (Injection Modules and Response Processing Modules) to select all available options.

  5. In the "Authentication Options" wizard, maintain the default settings and click "Next."

  6. In the "Parameters" wizard, keep the settings at their default values and click "Finish" to commence the scan.

  7. A "Follow Redirect?" pop-up will appear; click "Yes" to proceed.

  8. Vega will initiate the scan of the target website for vulnerabilities. Keep an eye on the "Scanner Progress" bar and wait for it to complete.

  9. Once the scan is finished, the identified vulnerabilities will be listed under "Scan Alert Summary."

  10. On the left-hand side, under "Scan Alerts," expand the nodes to explore the complete results of the vulnerability scan. Choose any of the discovered vulnerabilities to display details on the corresponding page, much like what's shown in the dashboard section in the provided screenshot.

Nikto

Nikto is a free software command-line web vulnerability scanner.

It is available in Kali Linux.

Here is a nice cheat-sheet for Nikto.

WPScan

WPScan is a scanning tool specifically designed for WordPress websites.

To scan a WordPress website: wpscan --url <Target URL>

This command initiates a scan with default settings, striking a balance between speed and accuracy. It checks plugins passively and actively determines their versions. Additionally, it examines potential configuration backup files and other noteworthy findings.

For a more discreet or stealthy approach, you can utilize wpscan --stealthy --url <Target URL>. In this mode, when you employ the --enumerate option, remember to adjust the --plugins-detection setting as the default is 'passive'. This allows you to tailor the scan to your specific needs while keeping it less conspicuous.

Full user documentation can be found here: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation

"WPScan CLI tool uses the WordPress Vulnerability Database API to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the --api-token option, or via a configuration file. An API token can be obtained by registering an account on WPScan.com.

Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data."

To use an API token: wpscan --api-token <API Token> --url <Target URL>
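As an added example (not from this page or the WPScan project), here is a small Python triage script for a report produced with wpscan --format json: it lists outdated plugins, pulls out findings that already have a fix version, and reports the remaining daily API quota so an empty findings list from a scan run without a token is not mistaken for a clean result. The key names used (plugins, outdated, version.number, vulnerabilities[].fixed_in, vuln_api.requests_remaining) are assumed from WPScan's JSON output and should be checked against a real report; the sample report below is constructed.

```python
import json

# Constructed sample in the assumed shape of `wpscan --format json` output.
# Plugin name, title and CVE are placeholders, not real findings.
SAMPLE_REPORT = """{
  "target_url": "http://example.test/",
  "version": {"number": "5.8.1", "vulnerabilities": []},
  "plugins": {
    "example-plugin": {
      "slug": "example-plugin", "outdated": true,
      "version": {"number": "1.9.0"},
      "vulnerabilities": [
        {"title": "Example Plugin < 2.0.0 - Placeholder finding",
         "fixed_in": "2.0.0",
         "references": {"cve": ["CVE-0000-00000"]}}
      ]
    },
    "other-plugin": {"slug": "other-plugin", "outdated": false,
                     "version": {"number": "4.2.1"}, "vulnerabilities": []}
  },
  "vuln_api": {"plan": "free", "requests_done_during_scan": 3,
               "requests_remaining": 22}
}"""


def triage(report_json: str) -> dict:
    """Summarise a wpscan JSON report for patch prioritisation."""
    report = json.loads(report_json)
    outdated, findings = [], []
    for slug, plugin in report.get("plugins", {}).items():
        installed = (plugin.get("version") or {}).get("number")
        if plugin.get("outdated"):
            outdated.append(slug)
        for vuln in plugin.get("vulnerabilities", []):
            findings.append({
                "plugin": slug,
                "installed": installed,
                "fixed_in": vuln.get("fixed_in"),  # None = no fix released yet
                "title": vuln.get("title"),
                "cve": (vuln.get("references") or {}).get("cve", []),
            })
    # Assumption: the vuln_api block is only present when an API token was
    # used; without it WPScan returns no vulnerability data at all.
    api = report.get("vuln_api")
    return {
        "target": report.get("target_url"),
        "core_version": (report.get("version") or {}).get("number"),
        "outdated_plugins": outdated,
        "findings": findings,
        "vuln_data_present": api is not None,
        "api_requests_remaining": (api or {}).get("requests_remaining"),
    }
```

Run it over a saved report with triage(open("report.json").read()); a result with vuln_data_present set to False means the scan should be repeated with a token before the site is judged clean.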

PwnXSS

PwnXSS is an open-source XSS scanner used to detect cross-site scripting (XSS) vulnerabilities in websites. It is a multiprocessing, customizable tool written in Python.

Default command: python3 pwnxss.py -u <Target URL>

The PwnXSS tool starts scanning and displays the identified vulnerable website links.

To verify a result, copy and paste the reported link into a browser.
