Acunetix Web Vulnerability Scanner

Acunetix WVS literally conducts an attack on your web pages just as many hackers would. It will first crawl through the site to gather information and then conduct number of attacks for a large suite of vulnerabilities, more than all the hackers combined.

Acunetix WVS automatically checks for the following vulnerabilities among others:

Web Server Configuration Checks

Checks for Web Servers Problems ? Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
Verify Web Server Technologies
Vulnerable Web Server
Vulnerable Web Server Technologies - such as PHP 4.3.0 file disclosure and possible code execution.

Parameter Manipulation Checks

Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
SQL Injection
Code Execution
Directory Traversal
HTTP Parameter Pollution
File Inclusion
Script Source Code Disclosure
CRLF Injection
Cross Frame Scripting (XFS)
PHP Code Injection
XPath Injection
Path Disclosure (Unix and Windows)
LDAP Injection
Cookie Manipulation
Arbitrary File creation (AcuSensor Technology)
Arbitrary File deletion (AcuSensor Technology)
Email Injection (AcuSensor Technology)
File Tampering (AcuSensor Technology)
URL redirection
Remote XSL inclusion
DOM XSS
MultiRequest Parameter Manipulation : Blind SQL/XPath Injection
Input Validation
Buffer Overflows
Sub-Domain Scanning

File Checks

Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
Cross Site Scripting in URI
Checks for Script Errors

File Uploads

Unrestricted File uploads Checks

Directory Checks

Looks for Common Files (such as logs, traces, CVS)
Discover Sensitive Files/Directories
Discovers Directories with Weak Permissions
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
HTTP Verb Tampering

Text Search

Directory Listings
Source Code Disclosure
Check for Common Files
Check for Email Addresses
Microsoft Office Possible Sensitive Information
Local Path Disclosure
Error Messages
Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)

Weak Password Checks

Weak HTTP Passwords
Authentication attacks
Weak FTP passwords

GHDB Google Hacking Database

Over 1200 GHDB Search Entries in the Database

Port Scanner and Network Alerts

Finds All Open Ports on Servers
Displays Network Banner of Port
DNS Server Vulnerability: Open Zone Transfer
DNS Server Vulnerability: Open Recursion
DNS Server Vulnerability: Cache Poisoning
Finds List of Writable FTP Directories
FTP Anonymous Access Allowed
Checks for Badly Configured Proxy Servers
Checks for Weak SNMP Community Strings
Finds Weak SSL Cyphers

Other vulnerability tests may also be performed using advanced penertation testing tools provided, including:

Input Validation (also performed automatically)
Authentication attacks (also performed automatically)
Buffer overflows
Blind SQL injection (also performed automatically)
Sub domain scanning



Acunetix Pricing
Purchase Acunetix


 
© 2003 - 2017 ebusinessmantra All rights reserved