Logo	Scanner	Version	Vendor
	Wapiti	2.2.1	OWASP

Tested Against WAVSEP Version:

1.2

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy			Chart
100.00% Detection Rate 50.00% False Positives	(136/136) (5/10)

Response Type	Input Vector	Detection Rate	Details
Errorneous 500 Responses	HTTP GET (Query String Parameters)	20 out of 20	Cases Detected: 1(1st&2nd)-19
Errorneous 500 Responses	HTTP POST (Body Parameters)	20 out of 20	Cases Detected: 1(1st&2nd)-19
Errorneous 200 Responses	HTTP GET (Query String Parameters)	20 out of 20	Cases Detected: 1(1st&2nd)-19
Errorneous 200 Responses	HTTP POST (Body Parameters)	20 out of 20	Cases Detected: 1(1st&2nd)-19
Valid 200 Responses	HTTP GET (Query String Parameters)	20 out of 20	Cases Detected: 1(1st&2nd)-19
Valid 200 Responses	HTTP POST (Body Parameters)	20 out of 20	Cases Detected: 1(1st&2nd)-19
Identical 200 Responses	HTTP GET (Query String Parameters)	8 out of 8	Cases Detected: 1-8
Identical 200 Responses	HTTP POST (Body Parameters)	8 out of 8	Cases Detected: 1-8
False Positive SQLi Test Cases	HTTP GET (Query String Parameters)	5 out of 10	1,2,6,7,8

The Reflected XSS Detection Accuracy of the Scanner:

Detection Accuracy			Chart
16.67% Detection Rate 42.86% False Positives	(11/66) (3/7)

Response Type	Input Vector	Detection Rate	Details
Reflected XSS	HTTP GET (Query String Parameters)	5 out of 33	Cases Detected: 1,3,5,30(1st&2nd) Cases Missed: 2,4,6-29,31,32
Reflected XSS	HTTP POST (Body Parameters)	6 out of 33	Cases Detected: 1,3,5,30(1st&2nd),32 Cases Missed: 2,4,6-29,31
False Positive RXSS Test Cases	HTTP GET (Query String Parameters)	3 out of 7	1,2,6

The Local File Inclusion Detection Accuracy of the Scanner:

Detection Accuracy			Chart
54.90% Detection Rate 25.00% False Positives	(448/816) (2/8)

Response Type	Input Vector	Detection Rate	Details
Errorneous 500 Responses	HTTP GET (Query String Parameters)	68 out of 68	Windows: 1-68
Errorneous 500 Responses	HTTP POST (Body Parameters)	68 out of 68	Windows: 1-68
Errorneous 200 Responses	HTTP GET (Query String Parameters)	36 out of 68	Windows: 1,3,5,7,9-24,37-44,53-60
Errorneous 200 Responses	HTTP POST (Body Parameters)	36 out of 68	Windows: 1,3,5,7,9-24,37-44,53-60
Valid 200 Responses	HTTP GET (Query String Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
Valid 200 Responses	HTTP POST (Body Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
Identical 200 Responses	HTTP GET (Query String Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
Identical 200 Responses	HTTP POST (Body Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
Redirect (302) Responses	HTTP GET (Query String Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
Redirect (302) Responses	HTTP POST (Body Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
Erroneous 404 Responses	HTTP GET (Query String Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
Erroneous 404 Responses	HTTP POST (Body Parameters)	30 out of 68	Windows: 1,3,5,7,9-24,37,38,40,42,44,53,54,56,58,60
False Positive Lfi Test Cases	HTTP GET (Query String Parameters)	2 out of 8	7 and some sql injection test cases

The Remote File Inclusion Detection Accuracy of the Scanner:

Detection Accuracy			Chart
57.41% Detection Rate 0.00% False Positives	(62/108) (0/6)

Response Type	Input Vector	Detection Rate	Details
Errorneous 500 Responses	HTTP GET (Query String Parameters)	9 out of 9	Detected: 1-9
Errorneous 500 Responses	HTTP POST (Body Parameters)	9 out of 9	Detected: 1-9
Errorneous 200 Responses	HTTP GET (Query String Parameters)	6 out of 9	Detected: 1-4,8,9
Errorneous 200 Responses	HTTP POST (Body Parameters)	6 out of 9	Detected: 1-4,8,9
Valid 200 Responses	HTTP GET (Query String Parameters)	4 out of 9	Detected: 1-4
Valid 200 Responses	HTTP POST (Body Parameters)	4 out of 9	Detected: 1-4
Identical 200 Responses	HTTP GET (Query String Parameters)	4 out of 9	Detected: 1-4
Identical 200 Responses	HTTP POST (Body Parameters)	4 out of 9	Detected: 1-4
Redirect (302) Responses	HTTP GET (Query String Parameters)	4 out of 9	Detected: 1-4
Redirect (302) Responses	HTTP POST (Body Parameters)	4 out of 9	Detected: 1-4
Erroneous 404 Responses	HTTP GET (Query String Parameters)	4 out of 9	Detected: 1-4
Erroneous 404 Responses	HTTP POST (Body Parameters)	4 out of 9	Detected: 1-4
False Positive Rfi Test Cases	HTTP GET (Query String Parameters)	0 out of 6	None

WAVSEP Scan Log:

I executed the scan multiple times without using while using a policy that included only the file plugin (-all, file): python wapiti.py http://localhost:8080/wavsep/active/[path-to-dir]/index.jsp --start http://localhost:8080/wavsep/active/[path-to-dir]/index.jsp --module "-all,file" --underline --scope "domain" --verbose 2 --reportType "html" --output "results-lfi-rfi" Wivet: python wapiti.py http://192.168.56.102/wivet/index.php --start "http://[ip-address]/wivet/index.php" --module "-all,xss" --underline --scope "domain" -p http://[proxy-ip-adress]:8888/ --verbose 2 --reportType "html" --output "resultWivet"

The WIVET Score of the Scanner:

Detection Accuracy		Chart
10.0% Detection Rate

WIVET Scan Log:

Defined the WIVET website as a proxy in IE, loaded fiddler (which then forward the communication to the system proxy - the WIVET website), defined a valid cookie in fiddler's filter features, and scanned fiddler with wapiti, as if it was WIVET. python wapiti.py http://192.168.56.102/wivet/index.php --start "http://[ip-address]/wivet/index.php" --module "-all,xss" --underline --scope "domain" -p http://[proxy-ip-adress]:8888/ --verbose 2 --reportType "html" --output "resultWivet"

Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.
Click here to learn how this information may be published or reused.