Web Application Vulnerability Scanner

Acunetix Product Info
Product Tour
Brochure
Product Comparison

Acunetix Feature Demo
Web scanning made simple
Recording Login Sequence
Meeting PCI Requirements with Acunetix
Data Mining with Acunetix's Blind SQL Injection Tool

Acunetix WVS literally conducts an attack on your web pages just as many hacker would. It will first crawl through the site to gather information and then conduct attack for a large suite of vulnerabilities, more than all the hackers combined.

Acunetix WVS automatically checks for the following vulnerabilities among others:

Version Check

Vulnerable Web Servers
Vulnerable Web Server Technologies - such as PHP 4.3.0 file disclosure and possible code execution.

CGI Tester

Checks for Web Servers Problems - Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
Verify Web Server Technologies

Parameter Manipulation

Cross-Site Scripting (XSS) over 40 different XSS variations are tested.
SQL Injection
Code Execution (Unix and Windows)
Directory Traversal (Unix and Windows)
File Inclusion
Script Source Code Disclosure
CRLF Injection
Cross Frame Scripting (XFS)
PHP Code Injection
XPath Injection
Full Path Disclosure
LDAP Injection
Cookie Manipulation
Arbitrary File creation (AcuSensor Technology)
Arbitrary File deletion (AcuSensor Technology)
Email Injection (AcuSensor Technology)
File Tampering (AcuSensor Technology)
URL redirection
Remote XSL inclusion

MultiRequest Parameter Manipulation

Blind SQL/XPath Injection

File Checks

Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories) Cross Site Scripting in URI Checks for Script Errors

File Uploads

Unrestricted File uploads Checks

Directory Checks

Looks for Common Files (such as logs, traces, CVS)
Discover Sensitive Files/Directories
Discovers Directories with Weak Permissions
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
HTTP Verb Tampering

Text Search

Directory Listings
Source Code Disclosure
Check for Common Files
Check for Email Addresses
Microsoft Office Possible Sensitive Information
Local Path Disclosure
Error Messages
Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)

Weak Passwords

Weak HTTP Passwords

GHDB Google Hacking Database

Over 1200 GHDB Search Entries in the Database

Port Scanner and Network Alerts

Port scans the web server and obtains a list of open ports with banners
Performs complex network level vulnerability checks on open ports such as:
  DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
  FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
  Security and configuration checks for badly configured proxy servers
  Checks for weak SNMP community strings and weak SSL cyphers
  and many other network level vulnerability checks!

Other vulnerability tests may also be preformed using the manual tools provided, including:

Input Validation
Authentication attacks
Buffer overflows
Blind SQL injection
Sub domain scanning



Buy Now

 
© 2003 - 2010 ebusinessmantra All rights reserved | Site Map