Scanner	Version		Vendor
Secubat	0.5		Stefan Kals

Tested Against WAVSEP Version:

1.0

Product Details:

Accurate Version	License / Technology	Last Update	Source Code Activity
0.5 (Alpha)	LGPL .Net 2.0	27-01-2010	27-01-2010 Source Code

General Features:

GUI	Config	Usage	Stability	Performance	Report	ScanLog	Pause	Session
	Simple	Simple	Unstable	Fast

Authentication, Control and Connection Features:

Custom Cookie

Custom Header

B A S I C

D I G E S T

N T L M

N T L M v 2

K E R B E R O S

F O R M

PROXY

GZIP

DEFLATE

SSL

CERT

Logout Detection

Exclude Logout

Exclude URL

Exclude Param

Coverage Features:

C O U N T

Manual Crawl

URL File

Html Crawler

Ajax Crawler

Flash Crawler

Applet Crawler

Silverlight Crawler

WSDL Crawler

REST Crawler

Field Autofill

Smart Autofill

Anti CSRF Support

Viewstate Support

CAPTCHA Bypass

WAF Bypass

1

Input Vector Support:

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

2

Audit Features:

C O U N T

S Q L i

B S Q L i

S S J S i

R X S S

P X S S

D X S S

J S O N h

L F I

R F I

C M D E x e c

U P L O A D

R E D I R E C T

C R L F i

L D A P i

X P A P H i

M X i

S S I

F O R M A T i

C O D E i

X M L i

E L i

B U F F E R o

I N T E G E R o

C O D E D i s c

B A C K U P f

P A D D I N G

A U T H b

P R I V e

X X E

S E S S I O N

F I X A T I O N

C S R F

A D o S

2

Complimentary Audit Features:

WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy			Chart
18.38% Detection Rate 70.00% False Positives	(25/136) (7/10)

The Reflected XSS Detection Accuracy of the Scanner:

Detection Accuracy			Chart
7.58% Detection Rate 0.00% False Positives	(5/66) (0/7)

Additional Audit Features:

None

Additional Features:

None

Overview:

The tool is pretty difficult to install (requires installation of MSSQL, manual execution of a database creation script and initially loading the plug-ins through the GUI). It seems to succeed in the crawling process (the database is populated with information and the data is available for future usage in the GUI), but did not detect exposures in a consistent manner, regardless of the scan execution method (scan alongside the crawling process, immediately after crawling or in a separate time and instance) and the scan plug-ins selected (but depending on the application tested). The crawler does not seem to handle malformed HTML very well, and gets stuck or stops the crawling process when referred to pages that contain it (Probably related to the fact the tool is in early beta). The tool detects multiple locations of the same instance of XSS exposures, and also assigns unclear description to the SQL injections detected.

Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.
Click here to learn how this information may be published or reused.