[HC Official]Vulnerability Scanner

Psycho_Coder · 04-08-2013, 12:41 PM

Great tool bro, Does it checks vulnerability for xss too. If it can be upgraded for xss then it would be great tool.

The Alchemist · 04-08-2013, 01:36 PM

Yes, it checks for XSS too.

Uisu · 05-01-2013, 05:18 PM

Looks good, I want to try this tool.

1llusion · 06-27-2013, 11:13 PM

Just came to my mind, why not upgrade the XSS detection level by using Rsnakes XSS cheat sheet? A lot of scanners do that (and euh... well.. I look for help there too...)
Here are the vectors with explanation: https://www.owasp.org/index.php/XSS_Filt...heat_Sheet
I think OWASP could help you with other vulnerabilities too Smile

The Alchemist · 06-28-2013, 05:36 AM

(06-27-2013, 11:13 PM)1llusion Wrote: Just came to my mind, why not upgrade the XSS detection level by using Rsnakes XSS cheat sheet? A lot of scanners do that (and euh... well.. I look for help there too...)
Here are the vectors with explanation: https://www.owasp.org/index.php/XSS_Filt...heat_Sheet
I think OWASP could help you with other vulnerabilities too

I'll try implementing it after learning... Smile

Thanks.

hackarchives · 06-28-2013, 10:49 AM

False negatives will be encountered in websites which have any error code as a default content like some programming forums.

I suggest you take initial page content and page content after adding apostrophe(final page) and then compare. Approach can be like counting number of errors in initial page and final page and if number of errors encountered are more in final page than in initial page then , it is vulnerable.

PM me if you want my help and we can make a better version Wink

The Alchemist · 06-28-2013, 11:06 AM

(06-28-2013, 10:49 AM)hackarchives Wrote: False negatives will be encountered in websites which have any error code as a default content like some programming forums.

I suggest you take initial page content and page content after adding apostrophe(final page) and then compare. Approach can be like counting number of errors in initial page and final page and if number of errors encountered are more in final page than in initial page then , it is vulnerable.

PM me if you want my help and we can make a better version

I'll keep this in mind too while making a later version of this Vulnerability Scanner.
Thanks.

The Alchemist · 07-10-2013, 06:17 PM

(07-10-2013, 05:40 PM)kevin_n Wrote: i scanned my target with this script and also acunetix, but nothing founded
any body can help me find a bug on the target?
i really need help cuz it's been 4month that i've been searchin arround but nothing i find up to now.
if anybody would like to help please pm me i'll send the my target.
thanks all you guys

Maybe your target is very secure and bots are unable to find vulnerabilities.

The Alchemist · 07-10-2013, 06:17 PM

(07-10-2013, 05:40 PM)kevin_n Wrote: i scanned my target with this script and also acunetix, but nothing founded
any body can help me find a bug on the target?
i really need help cuz it's been 4month that i've been searchin arround but nothing i find up to now.
if anybody would like to help please pm me i'll send the my target.
thanks all you guys

Maybe your target is very secure and bots are unable to find vulnerabilities.

The Alchemist · 07-12-2013, 06:42 PM

(07-11-2013, 07:14 AM)Eks0 Wrote: Didn't think there was much of a market for things like this, but I may bring my automated XSS crawler over to this section.

Sure, we'd be interested to see that too.