For those people who are interested to know more about the full edition of Netsparker, here is the list of vulnerabilities that Netsparker licensed edition scans for.
Vulnerabilities : E-mail Address Disclosure, Internal IP Disclosure, Cookies are not marked as Secure, Cookies are not marked as HTTPOnly, Directory Listing, Stack Trace Disclosure, Version Disclosure, Access Denied Resources, Internal Path Disclosure, Programming Error Messages, Database Error Messages, SQL Injection, Local File Inclusions & Arbitrary File Reading, Remote File Inclusions, Remote Code Injection / Evaluation, XSS (Cross-site Scripting), OS Level Command Injection, CRLF / HTTP Header Injection / Response Splitting, Find Backup Files, Crossdomain.xml Analysis, Finds and Analyses Potential Issues in Robots.txt, Finds and Analyses Google Sitemap Files, Detect TRACE / TRACK Method Support, Detect ASP.NET Debugging, Detect ASP.NET Trace, Checks for CVS, GIT and SVN Information and Source Code Disclosure Issues, Finds PHPInfo() pages and PHPInfo() disclosure in other pages, Finds Apache Server-Status and Apache Server-Info pages, Find Hidden Resources, Basic Authentication over HTTP, Password Transmitted over HTTP, Password Form Served over HTTP, Source Code Disclosure, Auto Complete Enabled, ViewState is not Signed, ViewState is not Encrypted, Custom 404 Detection, Heuristic URL Rewrite Detection.
Once downloaded, it shouldn’t take any trouble to install it. Before actually going into the scan details let’s have a brief look at the main features of Netsparker community edition.
Main Features of Netsparker Community Edition:
- Netsparker boasts of generating false positive free report which means that Netsparker assures that all the vulnerabilities reported by it are real and existing. Netsparker not only tries to identify but also exploits the issue to make sure that it’s a valid finding. For those issues where the tool is not confident or issues which might require manual investigation, the issue is mentioned as ‘Possible’ or ‘High Possibility’ etc.
- It supports AJAX and JavaScript.
- Netsparker supports several authentication methods: Basic, Form, NTLM and Digest Authentication. So depending on your application, you can use any of the mentioned methods. Unfortunately this option is not provided in the community edition.
- Netsparker identifies the issue, classifies it further and presents the remediation details. For instance if an XSS vulnerability is identified, the summary of the vulnerability and remediation details are provided.
- Supports error based and Boolean based SQL injection. Time based SQL injection is not supported in the community edition.
- Community edition provides free automated updates.
Steps to scan:
- Start New Scan Start the Netsparker Community Edition and go to File
- In the window that appeared enter the target URL (say http://demo.testfire.net/ ) and select ‘full scan’ in the drop down window adjacent to it.
- Now click on ‘Start scan’ present at the bottom of the window.
- The scan will be started and the screen would be populated with the identified vulnerabilities one by one.
- At the end of the scan you will be presented with the below screen which shows the Site Map, Dashboard, Issues, vulnerabilities identified, etc.
As shown in the above figure, it has identified issues related to SQL Injection, Cross site scripting, Cookie not marked HTTPOnly, autocomplete enabled etc. It’s up to the penetration tester or the developer to analyse and confirm whether it’s a false positive or a valid finding.
The Site map provides hierarchical structure of the website listing the directories and pages under them. Click on a particular vulnerability and its corresponding details can be viewed under ‘Vulnerability’ tab. The ‘Browser View’ tab shows the same in browser. HTTP Request/Response tab is the one where you can analyse the issue, see the request parameters etc.
The Site map provides hierarchical structure of the website listing the directories and pages under them. Click on a particular vulnerability and its corresponding details can be viewed under ‘Vulnerability’ tab. The ‘Browser View’ tab shows the same in browser. HTTP Request/Response tab is the one where you can analyse the issue, see the request parameters etc.
You can also group the issues by severity, Vulnerability type, Confirmed/Not Confirmed and URL. You can play with the scan configuration by selecting the ‘Settings’ option where you can modify settings related to scanning, crawling, proxy etc.
Download from here -
Works on Windows XP, 7, Vista, 2003/2008 (x86/x64) Current Version:v2.3.0.18
Source -
http://seclists.org/fulldisclosure/2012/Aug/373
Post a Comment