| Scanner | Version | Vendor |
| --- | --- | --- |
| Grabber | 0.1 | Romain Gaucher |

Tested Against WAVSEP Version:
1.0

The SQL Injection Detection Accuracy of the Scanner:
Detection Accuracy: 15.44% Detection Rate (21/136); 20.00% False Positives (2/10)

| Response Type | Input Vector | Detection Rate | Details |
| --- | --- | --- | --- |
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 1 out of 20 | Cases Detected: 2; Cases Missed: 1(1st&2nd),3-19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 18 out of 20 | Cases Detected: 1(1st&2nd)-5,7-15,17-19; Cases Missed: 6,16 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 2 out of 20 | Inconsistent results. Cases Detected: 2,4; Cases Missed: 1(1st&2nd),3,5-19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 0 out of 8 | Cases Missed: 1-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 0 out of 8 | Cases Missed: 1-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 2 out of 10 | Cases Flagged: 4,8 |

The Reflected XSS Detection Accuracy of the Scanner:
Detection Accuracy: 50.00% Detection Rate (33/66); 100.00% False Positives (7/7)

| Response Type | Input Vector | Detection Rate | Details |
| --- | --- | --- | --- |
| Reflected XSS | HTTP GET (Query String Parameters) | 0 out of 33 | Cases Missed: 1-32 |
| Reflected XSS | HTTP POST (Body Parameters) | 33 out of 33 | Cases Detected: 1-32 (Full) |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 7 out of 7 | Cases Flagged: 1-7 |

WAVSEP Scan Log:
The tool can be configured using a configuration file or using command line arguments. Initially I tried using the configuration file (pretty simple), but I also executed the tool with the following command:

    grabber --spider 1 --sql --bsql --backup --include --javascript --session --xss --url http://192.168.46.2:8080/wavsep/index-xss.jsp >> scanlog_WavSepXSS.log

The tool ignored direct references to index URLs, so I copied the content of index-xss.jsp, index-sql.jsp and index-false.jsp into the index.jsp page (one at a time), and executed the scan using the following command:

    grabber --spider 1 --sql --bsql --xss --url http://192.168.46.2:8080/wavsep

For some bizarre reason, even though the tool successfully crawled all URLs, it did not scan any GET parameters, and instead only scanned forms (POST parameters). Since all the false positive tests were implemented as GET URLs, I had to create special index pages so that Grabber would be able to scan the false positive cases.


Copyright © 2010-2016 by Shay Chen. All rights reserved.