|
Automatically check for the following vulnerabilities among others:
Version Check
Vulnerable Web Servers
Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.
CGI Tester
Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
Verify Web Server Technologies
Parameter Manipulation
Cross-Site Scripting (XSS) – over 25 different XSS variations are tested.
SQL Injection
Code Execution
Directory Traversal
File Inclusion
Script Source Code Disclosure
CRLF Injection
Cross Frame Scripting (XFS)
PHP Code Injection
XPath Injection
Full Path Disclosure
LDAP Injection
Cookie Manipulation
MultiRequest Parameter Manipulation
Blind SQL/XPath Injection
File Checks
Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
Cross Site Scripting in URI
Checks for Script Errors
Directory Checks
Looks for Common Files (such as logs, traces, CVS)
Discover Sensitive Files/Directories
Discovers Directories with Weak Permissions
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
Text Search
Directory Listings
Source Code Disclosure
Check for Common Files
Check for Email Addresses
Microsoft Office Possible Sensitive Information
Local Path Disclosure
Error Messages
GHDB Google Hacking Database
Over 1200 GHDB Search Entries in the Database
Other vulnerability tests may also be preformed using the manual tools provided, including:
Input Validation
Authentication attacks
Buffer overflows
|
