首页 > 代码库 > 转：WebCruiser Web Vulnerability Scanner 3.1.0 测评

转：WebCruiser Web Vulnerability Scanner 3.1.0 测评

2024-11-20 23:02:39 202人阅读

WebCruiser是一款轻量级的Web高危漏洞扫描器，相对于其它大型扫描器，WebCruiser的典型特点是只扫高危漏洞，并且可以只扫指定的漏洞类型，可以只扫指定的URL，可以只扫指定的页面。当然也可以进行全站扫描。其从3.1.0版本开始，通过WAVSEP（扫描器评估） v1.5进行检测评估，已经100%覆盖SQL注入和跨站的全部用例。

WebCruiser Web Vulnerability Scanner 3.1.0 Test Report

1. Test Report

1.1. SQL Injection Test Report

Input Vector	Test Cases	Cases Count	Report	Pass Rate
GET Input Vector	Erroneous 500 Responses	19	19	100%
	Erroneous 200 Responses	19	19	100%
	200 Responses With Differentiation	19	19	100%
	Identical 200 Responses	8	8	100%
POST Input Vector	Erroneous 500 Responses	19	19	100%
	Erroneous 200 Responses	19	19	100%
	200 Responses With Differentiation	19	19	100%
	Identical 200 Responses	8	8	100%
GET Input Vector – Experimental	Insert / Delete / Other	1	1	100%
POST Input Vector - Experimental	Insert / Delete / Other	1	1	100%

1.2. XSS Test Report

Input Vector	Test Cases	Cases Count	Report	Pass Rate
GET Input Vector	ReflectedXSS	32	32	100%
POST Input Vector	ReflectedXSS	32	32	100%
Cookie Input Vector - Experimental	ReflectedXSS	1	1	100%
GET Input Vector - Experimental	ReflectedXSS	11	11	100%
POST Input Vector - Experimental	ReflectedXSS	11	11	100%
GET Input Vector - Experimental	DomXSS	4	4	100%

1.3. LFI Test Report

Input Vector	Test Cases	Cases Count	Report	Pass Rate
Get Input Vector	Erroneous HTTP 500 Responses	68	68	100%
	Erroneous HTTP 404 Responses	68	68	100%
	Erroneous HTTP 200 Responses	68	68	100%
	HTTP 302 Redirect Responses	68	68	100%
	HTTP 200 Responses With Differentiation	68	68	100%
	HTTP 200 Responses with Default File on Error	68	68	100%
POST Input Vector	Erroneous HTTP 500 Responses	68	68	100%
	Erroneous HTTP 404 Responses	68	68	100%
	Erroneous HTTP 200 Responses	68	68	100%
	HTTP 302 Redirect Responses	68	68	100%
	HTTP 200 Responses With Differentiation	68	68	100%
	HTTP 200 Responses with Default File on Error	68	68	100%

1.4. RFI Test Report

Input Vector	Test Cases	Cases Count	Report	Pass Rate
Get Input Vector	Erroneous HTTP 500 Responses	9	9	100%
	Erroneous HTTP 404 Responses	9	9	100%
	Erroneous HTTP 200 Responses	9	9	100%
	HTTP 302 Redirect Responses	9	9	100%
	HTTP 200 Responses With Differentiation	9	9	100%
	HTTP 200 Responses with Default File on Error	9	9	100%
POST Input Vector	Erroneous HTTP 500 Responses	9	9	100%
	Erroneous HTTP 404 Responses	9	9	100%
	Erroneous HTTP 200 Responses	9	9	100%
	HTTP 302 Redirect Responses	9	9	100%
	HTTP 200 Responses With Differentiation	9	9	100%
	HTTP 200 Responses with Default File on Error	9	9	100%

1.5. Redirect Test Report

Input Vector	Test Cases	Cases Count	Report	Pass Rate
Get Input Vector	HTTP 302 Redirect Responses	15	15	100%
Get Input Vector	HTTP 200 Responses With Javascript Redirect	15	15	100%
POST Input Vector	HTTP 302 Redirect Responses	15	15	100%
POST Input Vector	HTTP 200 Responses With Javascript Redirect	15	15	100%

1.6. False Positive Test Report

False Vuln	Test Cases	Cases Count	Report	Pass Rate
SQL Injection	False Positive	10	0	100%
XSS	False Positive	7	0	100%

2. Test Environment

2.1. Product and Test Cases

WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5

WAVSEP Environment: Windows8.1 + XAMPP (Tomcat + MySQL)

WebCruiser Web Vulnerability Scanner Enterprise Edition V3.1.0

2.2. Test Scope

This test report includes the following vulnerabilities:

SQL Injection
Cross-site Scripting(XSS)
LFI(Local File Inclusion)
RFI(Remote File Inclusion)
Redirect

Other test cases are not included.

2.3. Test Method

In order to get the test results quickly, we use a new feature of WebCruiser Web Vulnerability Scanner, which is “Scan Page”, which means it will scan all links in a page once a time. This function requires that the links locate under the same or sub directory, links under other directories will be skipped.

When start a new page scan, click “Reset Scanner” to clear previous result, and navigate to new page, and then click “ScanPage”

原始测试报告参见：http://www.janusec.com/download/WebCruiser_Web_Vulnerability_Scanner_Test_Report.pdf

转：WebCruiser Web Vulnerability Scanner 3.1.0 测评

声明：以上内容来自用户投稿及互联网公开渠道收集整理发布，本网站不拥有所有权，未作人工编辑处理，也不承担相关法律责任，若内容有误或涉及侵权可进行投诉：投诉/举报工作人员会在5个工作日内联系你，一经查实，本站将立刻删除涉嫌侵权内容。

联系
我们

首页 > 代码库 > 转：WebCruiser Web Vulnerability Scanner 3.1.0 测评

转：WebCruiser Web Vulnerability Scanner 3.1.0 测评

1. Test Report

1.1. SQL Injection Test Report

1.2. XSS Test Report

1.3. LFI Test Report

1.4. RFI Test Report

1.5. Redirect Test Report

1.6. False Positive Test Report

2. Test Environment

2.1. Product and Test Cases

2.2. Test Scope

2.3. Test Method

看完仍有疑问？有类似问题直接问程序猿