
I am wondering if anyone knows of a DAST scanner that can either take in an authenticated request from somewhere like Burp, OR some DAST software that takes a username and password and then runs DAST scans against the target.

I've used a ton of DAST tools like Nessus, OpenVAS, etc., but they all take in a target UNAUTHENTICATED, not AUTHENTICATED, and then run DAST scans against the target.

Instead of saying "go hit IP 1.2.3.4", I want to say "go to 1.2.3.4/user/account", for example.

Anyone have any programs that can run DAST as an authenticated user? E.g. run SQLi, XSS, directory traversal, etc.

Thanks

Sim
Jshee

2 Answers


Let's start with the fact that Nessus and OpenVAS are not DAST tools.

Burp is a very good option you might go with; OWASP ZAP is similar, but it is 100% free. Then there are other vendors like Rapid7 InsightAppSec (not InsightVM/Nexpose), Tenable Web Application Security (not Nessus), Synopsys, etc. A simple search on Google will give you a bunch of results with vendors.

All of the major vendors can hold a session active whilst doing the scan; that's one of the basics. I would suggest looking at report quality, ability to integrate, and ease of use.


Yes, many modern active scanners support this functionality, such as Burp: https://support.portswigger.net/customer/en/portal/articles/2363088-configuring-burp-s-session-handling-rules

Burp allows you to configure session handling that lets the scanner know when a session has been invalidated and then run a macro to create a new valid session. This generally takes the form of a certain HTTP response that indicates the session is no longer valid, plus a macro that fires an HTTP POST login request that sets a session cookie.

Buffalo5ix
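The session-handling rule the answer above describes, modelled in plain Python as an added example (this is not code from either answer, nor PortSwigger's): a trigger that recognises "session is gone" responses, a login macro that POSTs credentials and captures the new cookie, and a wrapper that replays the original probe afterwards. The target is a constructed in-memory fake so the example runs offline; its cookie name (`SESSION`), login path (`/login`), credentials, redirect-to-login behaviour and three-requests-per-session expiry are all assumptions, as is the probe list.

```python
"""Toy model of a Burp-style session-handling rule for authenticated DAST.
Added example, not from the original answers. The target is a constructed fake."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
import secrets


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: str


# A transport takes (method, path, headers, form_data) and returns a Response.
Transport = Callable[[str, str, Dict[str, str], Optional[Dict[str, str]]], Response]


def _cookie_value(header: str, name: str) -> Optional[str]:
    """Pull `name=value` out of a Cookie or Set-Cookie header string."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name and value:
            return value
    return None


class FakeTarget:
    """Constructed stand-in for a web app (assumption): sessions expire after a few
    requests and unauthenticated hits redirect to /login."""

    def __init__(self, requests_per_session: int = 3):
        self.sessions: Dict[str, int] = {}   # SESSION token -> remaining request budget
        self.budget = requests_per_session
        self.logins = 0                      # how many times the login macro fired

    def handle(self, method, path, headers, data=None) -> Response:
        if method == "POST" and path == "/login":
            self.logins += 1
            if data == {"user": "alice", "pass": "s3cret"}:   # assumed test credentials
                tok = secrets.token_hex(8)
                self.sessions[tok] = self.budget
                return Response(302, {"Location": "/user/account",
                                      "Set-Cookie": f"SESSION={tok}; Path=/; HttpOnly"}, "")
            return Response(401, {}, "bad credentials")
        tok = _cookie_value(headers.get("Cookie", ""), "SESSION")
        if tok is None or self.sessions.get(tok, 0) <= 0:
            self.sessions.pop(tok, None)                       # expired: drop it, bounce to login
            return Response(302, {"Location": "/login"}, "")
        self.sessions[tok] -= 1
        return Response(200, {}, f"account page for {path}")


def session_invalid(resp: Response) -> bool:
    """The rule's trigger: a redirect to the login page or a 401 means re-login."""
    redirected_to_login = (resp.status in (301, 302, 303, 307)
                           and resp.headers.get("Location", "").endswith("/login"))
    return redirected_to_login or resp.status == 401


def login_macro(transport: Transport) -> str:
    """The macro: POST the credentials and return the fresh SESSION cookie value."""
    resp = transport("POST", "/login", {}, {"user": "alice", "pass": "s3cret"})
    tok = _cookie_value(resp.headers.get("Set-Cookie", ""), "SESSION")
    if resp.status != 302 or tok is None:
        raise RuntimeError(f"login macro failed: HTTP {resp.status}")
    return tok


class SessionHandler:
    """Wraps a transport so every probe goes out with a live session cookie."""

    def __init__(self, transport: Transport, macro, is_invalid, max_relogins: int = 1):
        self.transport, self.macro, self.is_invalid = transport, macro, is_invalid
        self.max_relogins = max_relogins
        self.cookie: Optional[str] = None

    def request(self, method: str, path: str, data=None) -> Response:
        for attempt in range(self.max_relogins + 1):
            headers = {"Cookie": f"SESSION={self.cookie}"} if self.cookie else {}
            resp = self.transport(method, path, headers, data)
            if not self.is_invalid(resp):
                return resp
            if attempt == self.max_relogins:
                break
            self.cookie = self.macro(self.transport)   # session died: refresh and replay
        raise RuntimeError(f"still unauthenticated after {self.max_relogins} re-login(s)")


# Constructed probe list: the kind of payloads the question wants fired as a logged-in user.
PROBES: List[Tuple[str, str]] = [
    ("GET", "/user/account?id=1'"),
    ("GET", "/user/account?id=1 OR 1=1--"),
    ("GET", "/user/account?name=<script>alert(1)</script>"),
    ("GET", "/user/account?file=../../../../etc/passwd"),
    ("GET", "/user/account?id=1 UNION SELECT NULL--"),
    ("GET", "/user/account?redirect=javascript:alert(1)"),
    ("GET", "/user/account?file=..%2f..%2fetc%2fpasswd"),
    ("GET", "/user/account?q=\"><img src=x onerror=alert(1)>"),
]


def run_scan(handler: SessionHandler, probes=PROBES) -> List[Tuple[str, int]]:
    """Fire each probe through the handler; return (path, status) per probe."""
    return [(path, handler.request(method, path).status) for method, path in probes]


def demo() -> dict:
    target = FakeTarget(requests_per_session=3)
    handler = SessionHandler(target.handle, login_macro, session_invalid)
    results = run_scan(handler)
    return {"probes": len(results),
            "all_authenticated": all(status == 200 for _, status in results),
            "logins": target.logins}   # once up front, then once per expiry


if __name__ == "__main__":
    print(demo())
```

Against a real target the transport would be an HTTP client and the trigger would match whatever that application does when a session dies (a 302 to its login page, a 401, or a "please log in" string in a 200 body); the shape of the rule is the same. Keep `max_relogins` small: if the macro itself fails, or the application invalidates the session on every request, a handler that re-logs in without bound turns a scan into a password-spraying pattern in the target's logs.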