How to use a web vulnerability scanner to autenthicate through in order to do the scan

Asked Jan 12 '18 at 10:16

Active Jan 12 '18 at 20:04

Viewed 243 times

I thinking about use a various mix of different scanner such as:

Burp-suite
Acunetix Vulnerability Scanner
Arachni
Owasp Zed Attack Proxy Project
Vega
W3af

though we have Active directory that is integrated with Identify Manager. (All the operations are performed in Novel Identity Manager (or Mostly Are) and are forwared to Active Directory).

Now is my question

How to use a web vulnerability scanner to autenthicate through ad in order to the scan?

what would you recommend to do this?

Thank you in advance

edited Jan 12 '18 at 18:20

asked Jan 12 '18 at 10:16

XsiSec

Arachni does a pretty good job at logging in to the application. You can check http://support.arachni-scanner.com/kb/general-use/logging-in-and-maintaining-a-valid-session for additional information. – TiredOfProgramming Mar 06 '18 at 19:11
pretty much Arachni spawns a headless browser called PhantomJS(http://phantomjs.org/) and Watir(http://watir.com/) (Ruby representation of Selenium webdriver). With that being said, you can write your own Ruby (.rb) or JavaScript (.js) script to authenticate through the login screen of your web application. – TiredOfProgramming Mar 07 '18 at 14:53

How to use a web vulnerability scanner to autenthicate through in order to do the scan

0 Answers0