phamminhtuan
28-12-2010, 10:35 AM
Acunetix Web Vulnerability Scanner updated 6/7/2010
http://i533.photobucket.com/albums/ee334/sandstorm2008/new/21/web-vulnerability-scanner.png (http://i533.photobucket.com/albums/ee334/sandstorm2008/new/21/web-vulnerability-scanner.png)
Acunetix is an extremely useful tool for:
Webmasters who want to check their own web applications for vulnerabilities
Server administrators who check the web applications running on their server for vulnerabilities, so they can warn the webmasters in time. Acunetix can help you:
Find vulnerabilities in a website: SQL Injection, XSS…
Map the structure of a website.
Find vulnerabilities in the server hosting the website, and gather information related to that server.
Report the website's vulnerabilities and suggest how to fix them.
Save the reports for fixing the vulnerabilities later.
Schedule vulnerability scans of a website.
And many other tools to help fix website vulnerabilities.
http://ubuntuonline.files.wordpress.com/2010/08/acunetix.jpg?w=1024 (http://ubuntuonline.files.wordpress.com/2010/08/acunetix.jpg)
New version:
http://www.mediafire.com/?w5eljawbiz9ikp1
(http://it.camauonline.net/tutorial-hackin9/acunetix-wvs-version-7-build-20101012.html)
Vulnerabilities that Acunetix can detect:
Version Check (http://www.acunetix.com/vulnerability/module/Version_check)
Vulnerable Web Servers
Vulnerable Web Server Technologies – such as "PHP 4.3.0 file disclosure and possible code execution".
CGI Tester (http://www.acunetix.com/vulnerability/module/CGI_Tester)
Checks for Web Server Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
Verify Web Server Technologies
Parameter Manipulation (http://www.acunetix.com/vulnerability/module/Parameter_manipulation)
Cross-Site Scripting (XSS) (http://www.acunetix.com/websitesecurity/cross-site-scripting.htm) – over 40 different XSS variations are tested.
SQL Injection (http://www.acunetix.com/websitesecurity/sql-injection.htm)
Code Execution (Unix (http://www.acunetix.com/vulnerability/advisory/Code_execution__Unix_) and Windows (http://www.acunetix.com/vulnerability/advisory/Code_execution__Windows_))
Directory Traversal (http://www.acunetix.com/websitesecurity/directory-traversal.htm) (Unix (http://www.acunetix.com/vulnerability/advisory/Directory_traversal__Unix_) and Windows (http://www.acunetix.com/vulnerability/advisory/Directory_traversal__Windows_))
File Inclusion (http://www.acunetix.com/vulnerability/advisory/File_inclusion)
Script Source Code Disclosure (http://www.acunetix.com/vulnerability/advisory/Script_source_code_disclosure)
CRLF Injection (http://www.acunetix.com/websitesecurity/crlf-injection.htm)
Cross Frame Scripting (XFS) (http://www.acunetix.com/vulnerability/advisory/Cross_Frame_Scripting)
PHP Code Injection (http://www.acunetix.com/vulnerability/advisory/PHP_code_injection)
XPath Injection (http://www.acunetix.com/vulnerability/advisory/XPath_injection)
Full Path Disclosure (http://www.acunetix.com/vulnerability/advisory/Full_path_disclosure)
LDAP Injection (http://www.acunetix.com/vulnerability/advisory/LDAP_injection)
Cookie Manipulation (http://www.acunetix.com/vulnerability/advisory/Cookie_manipulation)
Arbitrary File creation (http://www.acunetix.com/vulnerability/advisory/Arbitrary_file_creation__AS_) (AcuSensor Technology)
Arbitrary File deletion (http://www.acunetix.com/vulnerability/advisory/Arbitrary_file_deletion__AS_) (AcuSensor Technology)
Email Injection (http://www.acunetix.com/vulnerability/advisory/Email_Injection__AS_) (AcuSensor Technology)
File Tampering (http://www.acunetix.com/vulnerability/advisory/File_tampering__AS_) (AcuSensor Technology)
URL redirection (http://www.acunetix.com/vulnerability/advisory/URL_redirection)
Remote XSL inclusion (http://www.acunetix.com/vulnerability/advisory/Remote_XSL_inclusion)
MultiRequest Parameter Manipulation (http://www.acunetix.com/vulnerability/module/MultiRequest_parameter_manipulation)
Blind SQL/XPath Injection
File Checks (http://www.acunetix.com/vulnerability/module/File_checks)
Checks for Backup Files or Directories – Looks for common files (such as logs, application traces, CVS web repositories) (http://www.acunetix.com/vulnerability/advisory/Backup_files)
Cross Site Scripting in URI (http://www.acunetix.com/vulnerability/advisory/Cross_Site_Scripting_in_URI)
Checks for Script Errors
File Uploads
Unrestricted File uploads Checks (http://it.camauonline.net/websitesecurity/upload-forms-threat.htm)
Directory Checks (http://www.acunetix.com/vulnerability/module/Directory_checks)
Looks for Common Files (such as logs, traces, CVS)
Discover Sensitive Files/Directories
Discovers Directories with Weak Permissions
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
HTTP Verb Tampering
Text Search (http://www.acunetix.com/vulnerability/module/Text_search)
Directory Listings
Source Code Disclosure
Check for Common Files
Check for Email Addresses
Microsoft Office Possible Sensitive Information
Local Path Disclosure
Error Messages
Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)
Weak Passwords (http://www.acunetix.com/vulnerability/module/Weak_Passwords)
Weak HTTP Passwords (http://www.acunetix.com/websitesecurity/authentication.htm)
GHDB Google Hacking Database (http://www.acunetix.com/websitesecurity/google-hacking.htm)
Over 1200 GHDB Search Entries in the Database
Port Scanner and Network Alerts (http://www.acunetix.com/vulnerability/module/Scripts)
Port scans the web server and obtains a list of open ports with banners
Performs complex network level vulnerability checks on open ports such as:
DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
Security and configuration checks for badly configured proxy servers
Checks for weak SNMP community strings and weak SSL ciphers
and many other network level vulnerability checks!
Other vulnerability tests may also be performed using the manual tools provided, including:
Input Validation
Authentication attacks
Buffer overflows
Blind SQL injection
Sub domain scanning
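The "dangerous HTTP methods" item in the feature list above (PUT, TRACE, DELETE) is something an administrator can verify without a scanner: send an OPTIONS request and read the Allow header. The script below is an added example and is not code from the post or from Acunetix. It parses that header out of a raw HTTP response and flags the three methods the post names; the three sample responses are constructed, not captured from any real server, and the header name `Allow` is the standard one from the HTTP specification.

```python
"""Audit the HTTP methods a web server advertises in its OPTIONS response.

Added example: extracts the Allow header from a raw HTTP response text and
flags methods that should normally be disabled on a public web server.
"""

# The methods the post lists as dangerous when enabled. Extending this set
# (e.g. for CONNECT or PATCH) is a local policy decision, not part of the post.
DANGEROUS_METHODS = frozenset({"PUT", "DELETE", "TRACE"})

# Constructed sample responses (not from a real server). Header names are
# case-insensitive in HTTP, so one sample deliberately uses "allow" and
# mixed-case method tokens with irregular spacing.
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: example-httpd\r\n"
    "Allow: GET, HEAD, OPTIONS\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

SAMPLE_PERMISSIVE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: example-httpd\r\n"
    "allow: GET,HEAD, POST, put, DELETE, TRACE, OPTIONS, GET\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

SAMPLE_NO_ALLOW = (
    "HTTP/1.1 405 Method Not Allowed\r\n"
    "Server: example-httpd\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_allow_header(raw_response):
    """Return the methods listed in any Allow header, upper-cased and
    deduplicated in order of first appearance; [] if the header is absent."""
    # Normalise line endings so both CRLF and bare LF responses parse.
    head, _, _body = raw_response.replace("\r\n", "\n").partition("\n\n")
    methods = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":
            for token in value.split(","):
                method = token.strip().upper()
                if method and method not in methods:
                    methods.append(method)
    return methods


def audit_methods(raw_response):
    """Summarise the advertised methods: which are allowed, which are flagged,
    and a verdict of 'ok', 'risky', or 'unknown' (no Allow header to judge)."""
    allowed = parse_allow_header(raw_response)
    flagged = sorted(m for m in allowed if m in DANGEROUS_METHODS)
    if not allowed:
        verdict = "unknown"
    elif flagged:
        verdict = "risky"
    else:
        verdict = "ok"
    return {"allowed": allowed, "flagged": flagged, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("hardened", SAMPLE_HARDENED),
                          ("permissive", SAMPLE_PERMISSIVE),
                          ("no Allow header", SAMPLE_NO_ALLOW)):
        print(label, audit_methods(sample))
```

The Allow header is what the server advertises, not proof of what it accepts: a server can reject a listed method or accept an unlisted one, so treat a "risky" verdict as a reason to review the server configuration (for Apache httpd, TRACE is controlled by the `TraceEnable` directive) and an "unknown" verdict as a reason to test the methods explicitly rather than assume they are disabled.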