LogoScannerVersionVendor
IronWASP0.9.1.0Lavakumar Kuppan

Tested Against WAVSEP Version:
1.2

Product Details:
Accurate
Version		License /
Technology		Last Update
Source Code
Activity
0.9.1.0 (GA) GPL3
.Net 2.0		02-07-2012 02-07-2012
Source Code

General Features:
GUIConfigUsageStabilityPerformanceReportScanLogPauseSession
Very SimpleVery SimpleStableSlow

Authentication, Control and Connection Features:
Custom
Cookie
Custom
Header
B
A
S
I
C
D
I
G
E
S
T
N
T
L
M
N
T
L
M
v
2
K
E
R
B
E
R
O
S
F
O
R
M
PROXY
GZIP
DEFLATE
SSL
CERT
Logout
Detection
Exclude
Logout
Exclude
URL
Exclude
Param

Coverage Features:
C
O
U
N
T
Manual
Crawl
URL
File
Html
Crawler
Ajax
Crawler
Flash
Crawler
Applet
Crawler
Silverlight
Crawler
WSDL
Crawler
REST
Crawler
Field
Autofill
Smart
Autofill
Anti
CSRF
Support
Viewstate
Support
CAPTCHA
Bypass
WAF
Bypass
4

Input Vector Support:
C
O
U
N
T
G
E
T
P
O
S
T
C
O
O
K
I
E
H
E
A
D
E
R
S
E
C
R
E
T
P
N
a
m
e
X
M
L
X
m
l
A
T
T
X
m
l
T
A
G
J
S
O
N
.
N
e
t
E
N
C
A
M
F
J
a
v
a
S
E
R
.
N
e
t
S
E
R
W
C
F
W
C
F
-
B
i
n
W
e
b
S
o
c
k
D
W
R
C
u
s
t
o
m
10

Audit Features:
C
O
U
N
T
S
Q
L
i
B
S
Q
L
i
S
S
J
S
i
R
X
S
S
P
X
S
S
D
X
S
S
J
S
O
N
h
L
F
I
R
F
I
C
M
D
E
x
e
c
U
P
L
O
A
D
R
E
D
I
R
E
C
T
C
R
L
F
i
L
D
A
P
i
X
P
A
P
H
i
M
X
i
S
S
I
F
O
R
M
A
T
i
C
O
D
E
i
X
M
L
i
E
L
i
B
U
F
F
E
R
o
I
N
T
E
G
E
R
o
C
O
D
E
D
i
s
c
B
A
C
K
U
P
f
P
A
D
D
I
N
G
A
U
T
H
b
P
R
I
V
e
X
X
E
S
E
S
S
I
O
N
F
I
X
A
T
I
O
N
C
S
R
F
A
D
o
S
15

Complimentary Audit Features:
WebServer
Hardening		CGI
Scanning		Dir & File
Enumeration		Passive
Analysis		Additional
Features
Supports custom input vectors (!): fuzzing a custom part of the protocol - almost unique among open source scanners. Ready to use format plugins for Multipart, etc - and as far as I know its the only open source scanner that can scan these input vectors.

The SQL Injection Detection Accuracy of the Scanner:
Detection AccuracyChart
100.00% Detection Rate
50.00% False Positives		(136/136)
(5/10)

The Reflected XSS Detection Accuracy of the Scanner:
Detection AccuracyChart
75.76% Detection Rate
0.00% False Positives		(50/66)
(0/7)

The Path Traversal / Local File Inclusion Detection Accuracy of the Scanner:
Detection AccuracyChart
35.29% Detection Rate
12.50% False Positives		(288/816)
(1/8)

The Remote File Inclusion Detection Accuracy of the Scanner:
Detection AccuracyChart
100.00% Detection Rate
0.00% False Positives		(108/108)
(0/6)

Additional Audit Features:
A partial list of passive features: Password in URL, Password sent in cleartext HTTP, Basic Authentication over Cleartext Communication, Cookie without http-only flag, Cookie without secure flag (in SSL), Cross-domain xml policy analysis, Server Version Disclosure, Various session & html issues, Autocomplete. Partial support for PXSS, DXSS and External Redirect (potential detection - without verification).

Additional Features:
Supports custom input vectors (!): fuzzing a custom part of the protocol - almost unique among open source scanners. Ready to use format plugins for Multipart, etc - and as far as I know its the only open source scanner that can scan these input vectors.

Overview:
Authentication support & antiCSRF support & complex multiphase scenarios can be implemented via the session plugins. A great tool for testing applications that use non-standard input delivery methods. Specifically useful for manual testing.


Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.
Click here to learn how this information may be published or reused.