Tested version: Version 8.0 Build 20130205

When you first open Acunetix, it offers a lot of tools and options. On the left you can see a tree display of tools and options grouped in four sections: Tools, Web Services, Configuration, and General. When you click on one (for example, click on Tools) there is a nice description of each tool that is part of that group. Within a group, each tool has a similar or different role. The “Tools” group consists of the following tools:

1. Site Crawler – Maps a website by tracing all referenced links and gathering information about every discovered site file (such as scripts with inputs and their possible values, and the file structure)
2. Target Finder – Discovers any HTTP/S servers on an IP range, with the option to scan identified servers for vulnerabilities
3. Subdomain Scanner – Identifies new and unlisted subdomains from a higher-level domain, with the option to scan discovered entities for vulnerabilities
4. Blind SQL Injector – Automatically exploits SQL injection to extract data from the database used on the server
5. HTTP Editor – Enables construction of custom HTTP/S requests for analysis of the server’s response
6. HTTP Sniffer – HTTP proxy for logging, capturing, and modifying all intercepted HTTP/HTTPS traffic
7. HTTP Fuzzer – Tests for vulnerabilities such as buffer overflows and input validation by fuzzing request headers and parameters
8. Authentication Tester – Tests password strength by performing dictionary-based attacks on basic HTTP, NTLM, or form-based authentication methods
9. Compare Results – Compares saved scan results and displays differences

I will not explain all the tools in detail, because there are a lot of them; I will leave that to you. But you should know that Acunetix has a very good feature that I like the most: while performing a test with one tool, you can at the same time perform a test with a different tool. Acunetix allows you to run different tools at the same time, which is awesome. Combining these tools enables you to enhance your testing, and when you are done with the scanning process you can exploit the vulnerability in order to rate its severity.

Figure 4.

You can start the scan process by clicking the top-left icon, labeled “New Scan.” When you do this, a new window will appear where you can customize the scan session. The first step of the scanning session is defining the target.

Figure 5.

Here, as an option, you can use the results of the web crawler in order to perform the scan on already defined web links of your web application.

Scanning process – defining scanning profiles

Most of the professional scanning tools have an option to define scanning profiles, where you choose the profile by the type of scan you want to perform on your web application. The customization of the scanning profiles can be found in the left-hand grouping on the main screen (Configuration -> Scanning Profiles). Here you can make new profiles or modify the default profiles that Acunetix offers.

Figure 7.

On the third step of the scanning process, we can see information about the target's web server and the technologies used.

Scanning process – previewing the target technologies

The next step is defining the forms input. If there are forms that use cookies and sessions in your web application, they can also be exploited.

Figure 8.

Here you can simulate the login process that will enable Acunetix to have information about the authentication.

Figure 9.

By clicking the finish button, you can end the configuration and start the scanning process.

Scanning process – defining login forms
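The Compare Results tool in the tools list above tracks what changed between two saved scans, which is how a team verifies that a fix round actually closed findings and did not open new ones. The following is an added example, not Acunetix code or output: it models that comparison in Python over constructed findings, keyed by URL, parameter and vulnerability name, so the same issue reported in both scans is counted as neither new nor fixed, and a change in severity is reported separately. The severity names and their ranking are assumptions of the example, not an Acunetix schema.

```python
"""Diff two saved web-scan result sets, in the spirit of a "Compare Results" tool.

Added example, not Acunetix code. Findings, URLs, severities and their
ranking below are constructed for illustration.
"""
from dataclasses import dataclass

# Assumed severity ordering (constructed; not an Acunetix schema).
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    """One scanner finding. The same (url, parameter, vulnerability) triple in
    two scans is treated as the same issue, even if its severity changed."""
    url: str
    parameter: str          # "" for findings not tied to a parameter
    vulnerability: str
    severity: str

    @property
    def key(self):
        return (self.url, self.parameter, self.vulnerability)


def compare_results(baseline, current):
    """Classify findings as new, fixed, persistent or severity_changed.

    Returns a dict of lists; severity_changed holds (old, new) pairs.
    """
    base = {f.key: f for f in baseline}
    cur = {f.key: f for f in current}
    report = {"new": [], "fixed": [], "persistent": [], "severity_changed": []}
    for k in sorted(cur.keys() - base.keys()):      # only in the rescan
        report["new"].append(cur[k])
    for k in sorted(base.keys() - cur.keys()):      # only in the baseline
        report["fixed"].append(base[k])
    for k in sorted(base.keys() & cur.keys()):      # present in both
        if base[k].severity != cur[k].severity:
            report["severity_changed"].append((base[k], cur[k]))
        else:
            report["persistent"].append(cur[k])
    return report


def highest_new_severity(report):
    """Worst severity among new findings (None if nothing is new); a simple
    gate for failing a build when a rescan introduces a high-severity issue."""
    if not report["new"]:
        return None
    return max((f.severity for f in report["new"]), key=SEVERITY_RANK.__getitem__)


def format_report(report):
    """Render the comparison as plain text lines."""
    lines = []
    for label in ("new", "fixed", "persistent"):
        for f in report[label]:
            lines.append(f"{label.upper():10} {f.severity:6} {f.vulnerability} "
                         f"at {f.url} [{f.parameter or '-'}]")
    for old, new in report["severity_changed"]:
        lines.append(f"{'CHANGED':10} {old.severity}->{new.severity} {new.vulnerability} "
                     f"at {new.url} [{new.parameter or '-'}]")
    return lines


# Constructed sample data: a baseline scan and a rescan after a fix round.
BASELINE = [
    Finding("http://app.example.test/login.php", "username", "SQL injection", "high"),
    Finding("http://app.example.test/search.php", "q", "Reflected XSS", "medium"),
    Finding("http://app.example.test/", "", "Missing X-Frame-Options header", "low"),
]
RESCAN = [
    Finding("http://app.example.test/search.php", "q", "Reflected XSS", "high"),
    Finding("http://app.example.test/", "", "Missing X-Frame-Options header", "low"),
    Finding("http://app.example.test/upload.php", "file", "Unrestricted file upload", "high"),
]

if __name__ == "__main__":
    result = compare_results(BASELINE, RESCAN)
    print("\n".join(format_report(result)))
    print("highest new severity:", highest_new_severity(result))
```

On the constructed data the comparison reports one fixed finding (the SQL injection), one persistent finding (the missing header), one new finding (the file upload) and one severity change (the XSS reclassified from medium to high). Keying on the triple rather than on the full record is what keeps a reclassified finding from appearing as both "fixed" and "new".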