A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.
Questions tagged [vulnerability-scanners]
395 questions
1 vote, 2 answers
What is the best way to get OWASP ZAP to fuzz parameters with real data?
I'm trying to import and scan Open API Definitions and it seems to me that the url parameters and request body are not being replaced with real data. Is there a way for OWASP ZAP to automatically replace those parameters and body requests with real…
user8348136
1 vote, 1 answer
Web vulnerability scanners with API
I want to automate web vulnerability scanning and generate a HTML/PDF report.
Are there any WVS that offer a scanning and reporting API? If so, what are some examples?
Vilius Povilaika
1 vote, 2 answers
What types of vulnerabilities just can't be located by a default scanner?
If I'm willing to test a web application.
For what types of vulnerabilities can't an application scanner scan and where can't an application scanner scan (e.g. in what property) by its most "forces"?
Scanners such as Vega, Nikto, Burp.
Shell
1 vote, 2 answers
VeraCode static code scan reports "Improper Neutralization of CRLF Sequences in HTTP Headers" for frontend code
I have the following code in my frontend JavaScript which basically reads the CSRF cookie value and sets that in the AJAX calls done via jQuery.
var csrftoken = self.getCookie('csrftoken');
xhr.setRequestHeader("X-CSRFToken",…
Divick
1 vote, 1 answer
VeraCode static code scan of django view reports "External control of Filename or Path" on render method
Veracode is reporting a security issue on a piece of code which seems pretty innocuous to me. The code is built with Python/Django and the line in question is:
return render(request, 'core/create-user.html', context)
The render shortcut for Django…
Divick
1 vote, 0 answers
How to configure web application vuln scanner for local web apps
I am in the process of evaluating a number of webapp vuln scanners. For this task, I attack intentionally vulnerable web apps. So far I tried:
Scanner > BurpPro Scanner, arachni, ZAP, wapiti, nikto, w3af
Apps > JuiceShop, DVWA, WebGoat, bWAPP
For…
breachr
1 vote, 1 answer
Is it reasonable to provide admin access for a PCI vulnerability scan?
My organization is going through a PCI-DSS compliance process. As part of that, we're contracting out our external and internal vulnerability scans.
The contractor is asking for admin access to our servers so they can verify that all our software…
AlexLostDba
1 vote, 1 answer
Can Blind SQL/Boolean Based SQL Injections not contain break characters or comparisons?
I'm using a scanner which passes subtraction attack traffic such as (1-1), (3-2), (5-2), etc. There are no break or continuation characters such as semicolons or &&, nor is there a comparison using an equals sign or similar (and not function call).…
user8897013
1 vote, 1 answer
What are the benefits of using Nessus in addition to Azure Security Center?
Are there any benefits to using vulnerability scanners such as Nessus Pro or Tenable.io, if we are already using Azure Security Center for vulnerability and update management?
Or does it have any negative effects to do so?
Stephen
1 vote, 1 answer
How can I detect CVE-2018-0886 vulnerable hosts in my network?
I know that the vulnerability is a bit old, but still an important one. Today, by chance I found out that a PC with Windows 7 didn't have the update applied and I'm wondering if there are more.
Most of the PCs are on WSUS and all of them on a Windows…
aseques
1 vote, 0 answers
Is there a way to retrieve results (including found vulnerabilities) of a specific scan from one API call?
Is there a way to retrieve results (including found vulnerabilities) of a specific scan from one API call?
From the InsightVM documentation, the GET scan API call returns only scan info with statistics of the found vulnerabilities, without information of…
Ikenahim77
1 vote, 1 answer
Nikto commandline options
I was reading from Nikto's site on the commandline options used and I am curious about this option
https://cirt.net/nikto2-docs/options.html
-ask
Whether to ask about submitting updates: yes (ask about each-- the default), no (don't ask, just send),…
localacct
1 vote, 2 answers
Changing IP ID generation of a server
I've seen plenty about Idle Scans and incremental IP IDs on the net, but I have trouble finding a "solution" to the problem. Is there a way to "set" IP IDs for example to all zeros or is it coded into the kernel?
Concrete example: Host has random…
user857990
1 vote, 2 answers
Securimage php library for Captcha Code showing security issues in Arachni Scanner
I have used the securimage PHP library to show a captcha on my form. But when I'm scanning my page for vulnerabilities using Arachni scanner, it shows the following message and it's trying to scan the same page with some different values…
Abdul Rahman
1 vote, 0 answers
Metasploit wmap_run -e freezes on auxiliary/scanner/http/brute_dirs module, returns 404
I am trying to run a wmap scan on a web app locally on my Mac. But when wmap reached File/Dir testing, more specifically the brute force module, it does not show anything for path (even though the path was defined, as it works for the other modules)…
Viren Sareen