Scanner | Version | Build | Vendor |
Vega | 1.0 | 108 | Subgraph |
Tested Against WAVSEP Version: |
Detection Accuracy | Chart | ||||
100.00% Detection Rate 20.00% False Positives | (136/136) (2/10) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 (Previously Detected: 1(2nd)-19) |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 (Previously Detected: 1(1st&2nd),3-19) |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 (Previously Detected: 1(1st)-19) |
Valid 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 (Inconsistent) (Previously Detected: 2,5-7,10-12,15-17) |
Valid 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd)-19 (Previously Detected: 2,5-7,10-12,15-17) |
Identical 200 Responses | HTTP GET (Query String Parameters) | 8 out of 8 | Detected: 1-8 (Previously Detected: 1-3) |
Identical 200 Responses | HTTP POST (Body Parameters) | 8 out of 8 | Detected: 1-8 (Previously Detected: 1-3) |
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 2 out of 10 | Detected: 7,8 (Previously Had No False Positives) |
Detection Accuracy | Chart | ||||
100.00% Detection Rate 0.00% False Positives | (66/66) (0/7) |
Response Type | Input Vector | Detection Rate | Details |
Reflected XSS | HTTP GET (Query String Parameters) | 33 out of 33 | Detected: 1-30(1st&2nd),31,32 (Previously Detected: 1,3-8,12,15,16,24,26,29,30(1st&2nd),31,32) |
Reflected XSS | HTTP POST (Body Parameters) | 33 out of 33 | Detected: 1-30(1st&2nd),31,32 (Previously Detected: 1,3-8,12,15,16,24,26,29,30(1st&2nd),31,32) |
False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None |
Detection Accuracy | Chart | ||||
94.12% Detection Rate 62.50% False Positives | (768/816) (5/8) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 60 out of 68 | Detected: 3,4,7-36,39-52,55-68 (Previously Detected: 3,7,9-16,25,28,39-42,46-50,55-58,62-64) |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 68 out of 68 | Detected: 1-68 (Previously Detected: 3,7,9,10,13-16,21,24,25,28,39-44,46-52,55-60,62-64) |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 60 out of 68 | Detected: 3,4,7-36,39-52,55-68 (Verified Twice) (Previously Detected: 9,10,15,16,25,28,39-42,46-48,55-58,62-64) |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 68 out of 68 | Detected: 1-68 (Previously Detected: 9,10,15,16,21,24,25,28,39-44,46-48,55-60,62-64) |
Valid 200 Responses | HTTP GET (Query String Parameters) | 60 out of 68 | Detected: 3,4,7-36,39-52,55-68 (Previously Detected: 9,10,15,16,25,28,39-42,46-48,55-58,62-64) |
Valid 200 Responses | HTTP POST (Body Parameters) | 68 out of 68 | Detected: 1-68 (Previously Detected: 9,10,15,16,21,24,25,28,39-44,46-48,55-60,62-64) |
Identical 200 Responses | HTTP GET (Query String Parameters) | 60 out of 68 | Detected: 3,4,7-36,39-52,55-68 (Previously Detected: 9,10,15,16,25,28,39-42,46-48,55-58,62-64) |
Identical 200 Responses | HTTP POST (Body Parameters) | 68 out of 68 | Detected: 1-68 (Previously Detected: 9,10,15,16,21,24,25,28,39-44,46-48,55-60,62-64) |
Redirect (302) Responses | HTTP GET (Query String Parameters) | 60 out of 68 | Detected: 3,4,7-36,39-52,55-68 (Previously Detected: 9,10,15,16,25,28,39-42,46-48,55-58,62-64) |
Redirect (302) Responses | HTTP POST (Body Parameters) | 68 out of 68 | Detected: 1-68 (Previously Detected: 9,10,15,16,21,24,25,28,39-44,46-48,55-60,62-64) |
Erroneous 404 Responses | HTTP GET (Query String Parameters) | 60 out of 68 | Detected: 3,4,7-36,39-52,55-68 (Previously Detected: 9,10,15,16,25,28,39-42,46-48,55-58,62-64) |
Erroneous 404 Responses | HTTP POST (Body Parameters) | 68 out of 68 | Detected: 1-68 (Previously Detected: 9,10,15,16,21,24,25,28,39-44,46-48,55-60,62-64) |
False Positive LFI Test Cases | HTTP GET (Query String Parameters) | 5 out of 8 | Detected: 1,3,4,5,6 (as possible LFI) (Previously Detected: 4,6) |
Detection Accuracy | Chart | ||||
100.00% Detection Rate 0.00% False Positives | (108/108) (0/6) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Valid 200 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Valid 200 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Identical 200 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Identical 200 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Redirect (302) Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Redirect (302) Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Erroneous 404 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
Erroneous 404 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9 (Previously Detected: 2,8,9) |
False Positive RFI Test Cases | HTTP GET (Query String Parameters) | 0 out of 6 | None |
I enabled all the relevant scan plugins, and then attempted to scan each individual directory.
In most cases I used Burp to crawl the URLs (while defining Vega as an upstream proxy - there is a simple-to-use play button in Vega's proxy tab), and in some cases used Vega's crawling features to do the same (most notably for WIVET - got a better score than most open source tools, and even more than many commercial tools). The vast majority of tests were performed only with the individual relevant plugins for the test case directory, and after re-initializing the scope definitions (very important to understand this feature in Vega to get the most out of this tool).

The following plugins were used for the various directories:

- SQL Injection tests: "Blind SQL Text Injection Differential Tests", "Blind SQL Injection Timing", "Blind SQL Injection Arithmetic Evaluation Differential Tests".
- XSS tests: "XSS Injection Checks".
- LFI/Traversal tests: "Local File Include Checks".
- XSS via RFI tests: "Remote File Include Checks" and "URL Injection Checks".
- Obsolete Files tests: tried all the passive & active scan plugins, in groups and as a whole (with no perceptible effects).
- Unvalidated Redirect tests: tried the "URL Injection Checks" plugin, the "Remote File Include Checks" plugin, and eventually all the rest of the passive & active plugins, with no perceptible effects.
Detection Accuracy | Chart | ||
50.0% Detection Rate |
Initially scanned the main /wivet/ URL, then added the /wivet/ path to scope, and rescanned the website while selecting the default scope, a couple of passive plugins and an XSS plugin.
I also set a fixed PHPSESSID for Vega to use so I will be able to verify the result later.