Questions tagged [vulnerability-scanners]

A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.

395 questions
1 vote, 2 answers

What is the best way to get OWASP ZAP to fuzz parameters with real data?

I'm trying to import and scan Open API Definitions and it seems to me that the url parameters and request body are not being replaced with real data. Is there a way for OWASP ZAP to automatically replace those parameters and body requests with real…
1 vote, 1 answer

Web vulnerability scanners with API

I want to automate web vulnerability scanning and generate a HTML/PDF report. Are there any WVS that offer a scanning and reporting API? If so, what are some examples?
Vilius Povilaika
1 vote, 2 answers

What types of vulnerabilities just can't be located by a default scanner?

If I'm willing to test a web application. For what types of vulnerabilities can't an application scanner scan and where can't an application scanner scan (e.g. in what property) by its most "forces"? Scanners such as Vega, Nikto, Burp.
Shell
1 vote, 2 answers

VeraCode static code scan reports "Improper Neutralization of CRLF Sequences in HTTP Headers" for frontend code

I have the following code in my frontend javascript which basically reads the csrf cookie value and sets that in the ajax calls done via jquery. var csrftoken = self.getCookie('csrftoken'); xhr.setRequestHeader("X-CSRFToken",…
1 vote, 1 answer

VeraCode static code scan of django view reports "External control of Filename or Path" on render method

Veracode is reporting a security issue on a piece of code which seems pretty innocuous to me. The code is built with python/Django and the line in question is: return render(request, 'core/create-user.html', context) The render shortcut for django…
1 vote, 0 answers

How to configure web application vuln scanner for local web apps

I am in the process of evaluating a number of webapp vuln scanners. For this task, I attack intentionally vulnerable web apps. So far I tried: Scanner > BurpPro Scanner, arachni, ZAP, wapiti, nikto, w3af Apps > JuiceShop, DVWA, WebGoat, bWAPP For…
1 vote, 1 answer

Is it reasonable to provide admin access for a PCI vulnerability scan?

My organization is going through a PCI-DSS compliance process. As part of that, we're contracting out our external and internal vulnerability scans. The contractor is asking for admin access to our servers so they can verify that all our software…
1 vote, 1 answer

Can Blind SQL/Boolean Based SQL Injections not contain break characters or comparisons?

I'm using a scanner which passes subtraction attack traffic such as (1-1), (3-2), (5-2), etc. There are no break or continuation characters such as semicolons or &&, nor is there a comparison using an equals sign or similar (and not function call).…
user8897013
1 vote, 1 answer

What are the benefits of using Nessus in addition to Azure Security Center?

Are there any benefits to using vulnerability scanners such as Nessus Pro or Tenable.io, if we are already using Azure Security Center for vulnerability and update management? Or does it have any negative effects to do so?
Stephen
1 vote, 1 answer

How can I detect CVE-2018-0886 vulnerable hosts in my network?

I know that the vulnerability is a bit old, but still an important one. Today, by chance I found out that a PC with Windows 7 didn't have the update applied and I'm wondering if there are more. Most of the PCs are on WSUS and all of them on a Windows…
aseques
1 vote, 0 answers

Is there a way to retrieve results (including found vulnerabilities) of a specific scan from one API call?

Is there a way to retrieve results (including found vulnerabilities) of a specific scan from one API call? From InsightVM documentation, the GET scan API call returns only scan info with statistics of the found vulnerabilities, without information of…
1 vote, 1 answer

Nikto commandline options

I was reading from Nikto's site on the commandline options used and I am curious about this option https://cirt.net/nikto2-docs/options.html -ask Whether to ask about submitting updates: yes (ask about each-- the default), no (don't ask, just send),…
localacct
1 vote, 2 answers

Changing IP ID generation of a server

I've seen plenty about Idle Scans and incremental IP IDs on the net, but I have trouble finding a "solution" to the problem. Is there a way to "set" IP IDs for example to all zeros or is it coded into the kernel? Concrete example: Host has random…
user857990
1 vote, 2 answers

Securimage php library for Captcha Code showing security issues in Arachni Scanner

I have used the securimage PHP library to show a captcha on my form. But when I'm scanning my page for vulnerabilities using Arachni scanner, it shows the following message and it's trying to scan the same page with some different values…
Abdul Rahman
1 vote, 0 answers

Metasploit wmap_run -e freezes on auxiliary/scanner/http/brute_dirs module, returns 404

I am trying to run a wmap scan on a web app locally on my Mac. But when wmap reached File/Dir testing, more specifically the brute force module, it does not show anything for path (even though the path was defined, as it works for the other modules)…