Repost: WebCruiser Web Vulnerability Scanner 3 Review

WebCruiser is a scanner for high-risk web vulnerabilities. Compared with other large scanners, its distinguishing feature is its focus on high-risk issues: it can scan only specified vulnerability types, only a specified URL, or only a specified page, and of course it can also scan an entire site. Starting with version 3.0 it has been evaluated against WAVSEP (the scanner evaluation project) v1.5 and covers 100% of the SQL injection and cross-site scripting test cases.

WebCruiser Security Scanner User Manual V3 download

View online:

http://www.docin.com/p-1059883525.html


WebCruiser Web Vulnerability Scanner 3 Test Report


1.  Test Report

1.1. SQL Injection Test Report

| Input Vector | Test Cases | Cases Count | Reported | Pass Rate |
|---|---|---|---|---|
| GET Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
| GET Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
| GET Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
| GET Input Vector | Identical 200 Responses | 8 | 8 | 100% |
| POST Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
| POST Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
| POST Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
| POST Input Vector | Identical 200 Responses | 8 | 8 | 100% |
| GET Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |
| POST Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |

1.2. XSS Test Report

| Input Vector | Test Cases | Cases Count | Reported | Pass Rate |
|---|---|---|---|---|
| GET Input Vector | ReflectedXSS | 32 | 32 | 100% |
| POST Input Vector | ReflectedXSS | 32 | 32 | 100% |
| Cookie Input Vector - Experimental | ReflectedXSS | 1 | 1 | 100% |
| GET Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100% |
| POST Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100% |
| GET Input Vector - Experimental | DomXSS | 4 | 4 | 100% |

1.3. LFI Test Report

| Input Vector | Test Cases | Cases Count | Reported | Pass Rate |
|---|---|---|---|---|
| GET Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
| GET Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
| GET Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
| GET Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
| GET Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
| GET Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |
| POST Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
| POST Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
| POST Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
| POST Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
| POST Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
| POST Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |

1.4. RFI Test Report

| Input Vector | Test Cases | Cases Count | Reported | Pass Rate |
|---|---|---|---|---|
| GET Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
| GET Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
| GET Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
| GET Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
| GET Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
| GET Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |
| POST Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
| POST Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
| POST Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
| POST Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
| POST Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
| POST Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |

1.5. Redirect Test Report

| Input Vector | Test Cases | Cases Count | Reported | Pass Rate |
|---|---|---|---|---|
| GET Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
| GET Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |
| POST Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
| POST Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |

1.6. False Positive Test Report

| False Vuln | Test Cases | Cases Count | Reported | Pass Rate |
|---|---|---|---|---|
| SQL Injection | False Positive | 10 | 0 | 100% |
| XSS | False Positive | 7 | 0 | 100% |

2.  Test Environment

2.1. Product and Test Cases

WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5

WAVSEP Environment: Windows 8.1 + XAMPP (Tomcat + MySQL)

WebCruiser Web Vulnerability Scanner Enterprise Edition V3.1.0


2.2. Test Scope

This test report includes the following vulnerabilities:

  •  SQL Injection
  •  Cross-site Scripting (XSS)
  •  LFI (Local File Inclusion)
  •  RFI (Remote File Inclusion)
  •  Redirect

Other test cases are not included.

2.3. Test Method

To obtain test results quickly, we used a new feature of WebCruiser Web Vulnerability Scanner, "Scan Page", which scans all links on a page in one run. This function requires that the links be located in the same directory as the page or in a subdirectory of it; links under other directories are skipped.

When starting a new page scan, click "Reset Scanner" to clear the previous results, navigate to the new page, and then click "Scan Page".
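As an added example (not WebCruiser's or WAVSEP's own code), the following Python check reconstructs the scope rule stated above, so a tester can predict which links a page scan will include and which it silently skips; the sample page URL and links are constructed, and treating links on another scheme or host as out of scope is an assumption beyond what the report states.

```python
# Added example (not WebCruiser's own code): the link-scoping rule that the
# "Scan Page" description states, reconstructed as an explicit check.
import posixpath
from urllib.parse import urljoin, urlsplit


def directory_of(path: str) -> str:
    """Directory part of a URL path, normalized and ending in '/'."""
    raw = path or "/"
    directory = raw if raw.endswith("/") else posixpath.dirname(raw) + "/"
    # normpath collapses '.', '..' and '//' so a link cannot walk upwards
    # via traversal segments; it also drops the trailing slash, so re-add it.
    normalized = posixpath.normpath(directory)
    return normalized if normalized.endswith("/") else normalized + "/"


def in_scan_page_scope(page_url: str, link: str) -> bool:
    """True if `link` lives in the scanned page's directory or a subdirectory.

    Assumption: a link on another scheme or host is always out of scope; the
    report only states the same-or-sub-directory rule for paths.
    """
    page = urlsplit(page_url)
    target = urlsplit(urljoin(page_url, link))  # resolves relative links
    if (target.scheme, target.netloc) != (page.scheme, page.netloc):
        return False
    return directory_of(target.path).startswith(directory_of(page.path))


def scan_page_links(page_url: str, links: list[str]) -> list[str]:
    """Links from `links` that a page scan of `page_url` would include."""
    return [link for link in links if in_scan_page_scope(page_url, link)]


if __name__ == "__main__":
    # Constructed sample: an index page and the kinds of links found on it.
    page = "http://127.0.0.1:8080/wavsep/active/index.jsp"
    found = [
        "Case1.jsp?id=1",                       # same directory: scanned
        "sub/Case2.jsp",                        # subdirectory: scanned
        "../index.jsp",                         # parent directory: skipped
        "sub/../../other.jsp",                  # traversal upwards: skipped
        "/wavsep/active-old/Case3.jsp",         # sibling directory: skipped
        "//other.example/wavsep/active/x.jsp",  # other host: skipped
    ]
    for link in found:
        print(f"{'scan' if in_scan_page_scope(page, link) else 'skip'} {link}")
```

The trailing-slash comparison matters: without it a sibling directory such as `active-old/` would be accepted as a subdirectory of `active/`.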


The original test report is available at: http://www.janusec.com/download/WebCruiser_Web_Vulnerability_Scanner_Test_Report.pdf

Reposted from: https://www.cnblogs.com/-U2-/p/4258408.html
