Detailed Web Application Scanner Information - JSky Free Edition

Scanner	Version		Vendor
JSky Free Edition	1.0.0		NoSec

Tested Against WAVSEP Version:

1.0

Product Details:

Accurate Version	License / Technology	Last Update	Source Code Activity
1.0.0 (Final)	Freeware MFC (Win32)	15-08-2008

General Features:

GUI	Config	Usage	Stability	Performance	Report	ScanLog	Pause	Session
	Simple	Simple	Stable	Fast

Authentication, Control and Connection Features:

Custom
Cookie

Custom
Header

B
A
S
I
C

D
I
G
E
S
T

N
T
L
M

N
T
L
M
v
2

K
E
R
B
E
R
O
S

F
O
R
M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout
Detection

Exclude
Logout

Exclude
URL

Exclude
Param

Coverage Features:

C
O
U
N
T

Manual
Crawl

URL
File

Html
Crawler

Ajax
Crawler

Flash
Crawler

Applet
Crawler

Silverlight
Crawler

WSDL
Crawler

REST
Crawler

Field
Autofill

Smart
Autofill

Anti
CSRF
Support

Viewstate
Support

CAPTCHA
Bypass

WAF
Bypass

Input Vector Support:

C
O
U
N
T

G
E
T

P
O
S
T

C
O
O
K
I
E

H
E
A
D
E
R

S
E
C
R
E
T

P
N
a
m
e

X
M
L

X
m
l
A
T
T

X
m
l
T
A
G

J
S
O
N

.
N
e
t
E
N
C

A
M
F

J
a
v
a
S
E
R

.
N
e
t
S
E
R

W
C
F

W
C
F
-
B
i
n

W
e
b
S
o
c
k

D
W
R

C
u
s
t
o
m

Audit Features:

C
O
U
N
T

S
Q
L
i

B
S
Q
L
i

S
S
J
S
i

R
X
S
S

P
X
S
S

D
X
S
S

J
S
O
N
h

L
F
I

R
F
I

C
M
D
E
x
e
c

U
P
L
O
A
D

R
E
D
I
R
E
C
T

C
R
L
F
i

L
D
A
P
i

X
P
A
P
H
i

M
X
i

S
S
I

F
O
R
M
A
T
i

C
O
D
E
i

X
M
L
i

E
L
i

B
U
F
F
E
R
o

I
N
T
E
G
E
R
o

C
O
D
E
D
i
s
c

B
A
C
K
U
P
f

P
A
D
D
I
N
G

A
U
T
H
b

P
R
I
V
e

X
X
E

S
E
S
S
I
O
N

F
I
X
A
T
I
O
N

C
S
R
F

A
D
o
S

Complimentary Audit Features:

WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
				Custom 404 page definition, Claims the ability to extract URLs from Javascript, flash and java applets.

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy

Chart

38.24% Detection Rate
20.00% False Positives

(52/136)
(2/10)

The Reflected XSS Detection Accuracy of the Scanner:

Detection Accuracy

Chart

12.12% Detection Rate
42.86% False Positives

(8/66)
(3/7)

Additional Audit Features:

None

Additional Features:

Custom 404 page definition, Claims the ability to extract URLs from Javascript, flash and java applets.

Overview:

The tool only scans GET parameters (all scans were performed through a proxy), and does not seem to submit forms or scan POST parameters. As a result, it will be difficult to rely on it in an actual penetration test.