This article was first published on: Walker AI

The Acunetix Web Vulnerability Scanner (AWVS) is a platform for testing and managing the security of Web applications. It automatically scans the Internet or local area networks for vulnerabilities and reports them.

1. AWVS profile

The Acunetix Web Vulnerability Scanner (AWVS) scans any website that is accessed through a web browser and follows HTTP/HTTPS rules. It is suitable for the intranets and extranets of small, medium and large enterprises, and for websites serving customers, employees, vendors and others.

AWVS can audit the security of Web applications by checking for SQL injection vulnerabilities, XSS cross-site scripting vulnerabilities, and more.

1.1 AWVS Functions and Features

  • Automatic client-side script analyzer that allows security testing of Ajax and Web2.0 applications

  • The industry’s most advanced and in-depth SQL injection and cross-site scripting testing

  • Advanced penetration testing tools, such as HTTP Editor and HTTP Fuzzer

  • Visual macro loggers help you easily test Web forms and password-protected areas

  • Support for pages with CAPTCHA, single sign-on, and two-factor authentication

  • Rich reporting features, including VISA PCI compliance reporting

  • High-speed multi-threaded scanner easily retrieves thousands of pages

  • Intelligent crawlers detect Web server types and application languages

  • Acunetix searches and analyzes web sites, including Flash content, SOAP, and AJAX

  • Port scans the web server and performs security checks on network services running on the server

  • Website bug files can be found everywhere

1.2 AWVS Working Principles

  • AWVS crawls the entire site by following all links and robots.txt, then maps the structure of the site and displays the details of each file.

  • After the discovery phase or scanning process, AWVS automatically launches a series of vulnerability attacks on each page it finds, essentially mimicking a hacker’s attack (using custom scripts to detect vulnerabilities). AWVS analyzes where data needs to be entered on each page and tries all 3 combinations of inputs. This is the automatic scan phase.

  • After it finds a vulnerability, AWVS reports it under the Alerts node; each alert contains information about the vulnerability and advice on how to fix it.

  • After a scan is complete, it saves the results to a file for later analysis and comparison with previous scans, and using the reporting tool, it is possible to create a professional report summarizing the scan.

2. AWVS installation

(1) Download the AWVS installation package from the official website. This is paid software with a 14-day trial period. The current version is Acunetix WVS 13.

(2) Run the installation package, accept the license agreement, and go to the next step.

(3) Fill in the email and password and go to the next step. The email and password will be used to log in when you use the software later.

(4) Enter the port number in this step. The default port number is 3443 and you can change it based on your requirements. The installer then asks whether to add a shortcut to the desktop; the usual choice is yes. Then go to the next step.

(5) Select Create desktop shortcut and go to the next step

3. Use of AWVS

3.1 Introduction to the AWVS Page

The main menu has five modules: Dashboard, Targets, Vulnerabilities, Scans, and Reports.

  • Dashboard: Dashboard that displays vulnerability information of scanned websites
  • Targets: indicates the target websites that need to be scanned
  • Vulnerabilities: all of the vulnerabilities that were found by scans
  • Scans: Scans Target sites, which are selected from Target for scanning
  • Reports: Reports generated after vulnerability scanning is complete

Setting menu function description: The Settings menu consists of 8 modules, namely Users, Scan Types, Network Scanner, Issue Trackers, Email Settings, Engines, Excluded Hours, and Proxy Settings

  • Users: add users and configure user authentication, login sessions, and lockout settings
  • Scan Types: the type of scan. You can select full scan, high-risk vulnerabilities, cross-site scripting vulnerabilities, SQL injection vulnerabilities, weak passwords, crawl-only, or malware scan as required
  • Network Scanner: network scanner settings, including the address, user name, password, port, and protocol
  • Issue Trackers: configurable issue-tracking platforms such as GitHub, GitLab, JIRA, etc.
  • Email Settings: configures email sending information
  • Engines: install, remove, or disable engines
  • Excluded Hours: sets the scan time, so you can schedule scans for idle hours
  • Proxy Settings: Sets Proxy server information

3.2 Scanning websites using AWVS

  • Add the target URL and click Save

  • Enter the scan setting page, configure the information according to project requirements, and click Scan to start scanning

  • Set scan options, generally select full scan, or set the scan type according to your requirements, and perform the scan after setting

  • After scanning, the system automatically switches to the dashboard to view the vulnerabilities discovered during scanning

  • AWVS classifies vulnerabilities into four levels and uses red, yellow, blue and green to indicate urgency, with red indicating high, yellow indicating medium, blue indicating low, and green indicating informational

  • Click a vulnerability to open it and see the detailed description provided by AWVS, which includes: Vulnerability Description, Attack Details, HTTP Request, HTTP Response, The impact of this vulnerability, How to fix this vulnerability, Classification, Detailed Information, and Web References

Classification: vulnerability classification

CWE: Common Weakness Enumeration is a community-developed list of common software and hardware security weaknesses. It is a common language, a measuring stick for security tools, and a benchmark for vulnerability identification, mitigation and prevention efforts. For example, CWE-89 in the image below indicates that this bug is entry no. 89 in the CWE list:

CVSS: the Common Vulnerability Scoring System is an “industry open standard designed to assess the severity of vulnerabilities and help determine the urgency and importance of the required response”.

According to the CVSS scoring system, the final score of a vulnerability is 10 at most and 0 at least. Bugs with a score of 7 to 10 are generally considered serious, bugs with a score of 4 to 6.9 are intermediate, and bugs with a score of 0 to 3.9 are low-level. Of these, bugs scoring 7 to 10 must be fixed.

The following figure shows the calculation indicators of CVSS:

  • View the vulnerabilities of each module to locate faults in a timely manner

3.3 AWVS Exporting Reports

  • On the Scans page, select a report type and click Export

  • On the Reports page, you can select the report format to download, including PDF and HTML. After a scan, AWVS can also generate different types of reports, at different levels of detail, according to different requirements. Then click the Export report icon to export the security scan report.

4. Verify the authenticity of vulnerabilities

Scanning several of the company's projects turned up a number of common vulnerabilities. They can be verified as follows:

4.1 SQL Blind Injection /SQL Injection

Verification method: use sqlmap. For GET and POST parameters, run sqlmap -u "URL" directly. For cookie-based SQL injection, create a new TXT document, copy and paste the captured request packet into it, then run sqlmap -r "xxx.txt" to check whether there is an injection point.

For a sqlmap tutorial, see: www.acunetix.com/vulnerabili…

4.2 CSRF (Cross-Site Request Forgery)

CSRF: uses the identity of a logged-in user to send malicious requests in the user's name and so complete unauthorized operations.

For example: a user browses and trusts website A, which has a CSRF vulnerability, and the browser stores the corresponding cookies. Without logging out of website A, the user visits dangerous website B. Website B causes the browser to send a request to website A, and the browser attaches the user's cookie information for website A. Because website A cannot tell whether the request was issued by the user or triggered by dangerous website B, it processes the request, and website B achieves its goal of simulating the user's operation.

Verification method:

  • Open two pages in the same browser. After the permission on one page has expired, check whether an operation on the other page still succeeds. If it still succeeds, the risk exists.

  • Use a tool to send the request without the Referer field in the HTTP request header and check the response that comes back: it should redirect to the error screen or login screen.
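The server-side check that the verification steps above exercise, as an added example that is not part of the original article: website A refuses state-changing requests that lack a same-origin Origin/Referer or a session-bound token. The secret, the origin `https://site-a.example`, the function names and the sample requests are all constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"           # assumption: server-side secret
TRUSTED_ORIGIN = "https://site-a.example"  # assumption: website A's own origin


def issue_token(session_id):
    """CSRF token bound to the session; website A embeds it in its own forms."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url):
    """Reduce an Origin or Referer value to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def accept_request(method, headers, session_id, form_token):
    """Decide whether website A should process a request that carries the user's cookie."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "no Origin/Referer"
    # Compare the parsed origin exactly; a prefix match would accept
    # https://site-a.example.evil.test/
    if origin_of(source) != TRUSTED_ORIGIN:
        return False, "cross-site source"
    if not hmac.compare_digest(issue_token(session_id), form_token or ""):
        return False, "bad token"
    return True, "ok"


def run_cases():
    """Constructed requests: one from website A's own form, three that must be refused."""
    sid, good = "sess-123", issue_token("sess-123")
    cases = [
        ({"Referer": "https://site-a.example/transfer"}, good),
        ({}, good),                                          # Referer stripped
        ({"Referer": "https://site-a.example.evil.test/"}, good),
        ({"Origin": "https://site-a.example"}, None),        # same origin, no token
    ]
    return [accept_request("POST", h, sid, t)[1] for h, t in cases]
```
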

4.3 Slow HTTP Denial of Service Attacks

A slow HTTP denial of service attack sends HTTP requests to a server at a very low speed. Because the web server limits the number of concurrent connections, if these connections are maliciously held open, all of the web server's connections are occupied by malicious ones and new requests cannot be accepted, resulting in denial of service. To hold a connection open, RSnake constructed a malformed HTTP request, or rather, an incomplete HTTP request.

For the verification method, see:

www.acunetix.com/vulnerabili…
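The usual server-side countermeasure to the incomplete request described above is a deadline on the whole header block, shown here as an added example that is not from the original article. The function names, the 8192-byte cap and the sample requests are constructed assumptions.

```python
import socket
import time

MAX_HEADER_BYTES = 8192  # assumption: cap on the size of the header block


def read_headers(conn, deadline_s=10.0):
    """Return the raw header block, or None if the client is too slow or too large.

    A per-recv timeout alone is not enough: a client that trickles one byte
    every few seconds never trips it. The deadline here covers the whole
    header block, so the connection slot is released after deadline_s.
    """
    end = time.monotonic() + deadline_s
    buf = b""
    while b"\r\n\r\n" not in buf:
        remaining = end - time.monotonic()
        if remaining <= 0 or len(buf) > MAX_HEADER_BYTES:
            return None
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            return None
        if not chunk:  # peer closed before finishing the headers
            return None
        buf += chunk
    return buf.split(b"\r\n\r\n", 1)[0]


def demo():
    """Constructed clients on a local socket pair: one complete, one incomplete."""
    results = {}
    samples = [
        ("complete", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        ("stalled", b"GET / HTTP/1.1\r\nHost: example.test\r\nX-a: b\r\n"),
    ]
    for name, payload in samples:
        server, client = socket.socketpair()
        client.sendall(payload)  # the stalled client never sends the blank line
        results[name] = read_headers(server, deadline_s=0.3)
        server.close()
        client.close()
    return results


if __name__ == "__main__":
    print(demo())
```
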

4.4 Source Code Leakage

An attacker can analyze source code to gather sensitive information (database connection strings, application logic). This information can be used for further attacks.

Verification method: Add /.svn/all-wcprops to the URL or use SvnExploit to test the URL, for example:

4.5 File Information Leakage

It is easy for developers to upload sensitive information such as email information, SVN information, internal accounts and passwords, database connection information, and server configuration information, resulting in file information leakage.

For the verification method, see: www.acunetix.com/vulnerabili…
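Both leaks in 4.4 and 4.5 can be caught before deployment by auditing the directory that is about to be published. The following is an added example, not code from the original article; the directory names, the credential patterns and the sample files are constructed assumptions to tune per project.

```python
import os
import re
import tempfile

VCS_DIRS = {".svn", ".git", ".hg"}  # version-control metadata directories
SECRET_RE = re.compile(             # assumption: credential-like patterns
    r"(?i)\b(password|passwd|secret|api[_-]?key)\b\s*[:=]\s*\S+|jdbc:[a-z]+://\S+")


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a directory to be published."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in VCS_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel, "vcs metadata"))
                dirnames.remove(d)  # report once, do not descend into it
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read(65536)
            except OSError:
                continue
            if SECRET_RE.search(text):
                findings.append((os.path.relpath(path, root), "credential-like string"))
    return sorted(findings)


def demo():
    """Build a constructed web root in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".svn"))
        open(os.path.join(root, ".svn", "all-wcprops"), "w").close()
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>hello</h1>")
        os.makedirs(os.path.join(root, "conf"))
        with open(os.path.join(root, "conf", "db.properties"), "w") as fh:
            fh.write("url=jdbc:mysql://10.0.0.5/app\npassword = example-only\n")
        return audit_webroot(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
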

5. Summary

The scan results given by AWVS are not completely reliable and need to be verified again by a human. Starting from the AWVS scan results, sort the findings by severity level, verify each vulnerability with a combination of manual checks and tools to eliminate false positives, and look for as many missed issues as possible. Then summarize the scan results: prioritize the vulnerabilities verified as real, state the degree of threat of each, and propose a fix for each. In general, we can use this tool for scanning and analysis, but we cannot rely on it completely.

