README : Image update

master
Swissky 2017-09-12 12:04:03 +02:00
parent 153c7d86b1
commit 62d77ece01
3 changed files with 9 additions and 4 deletions

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
*.pyc *.pyc
Server/__pycache__/* Server/__pycache__/*
TODO.md

View File

@ -2,6 +2,8 @@
Another web vulnerabilities scanner, this extension works on Chrome and Opera. Another web vulnerabilities scanner, this extension works on Chrome and Opera.
The extension is working on the background and will notify you if it finds any vulnerability. The extension is working on the background and will notify you if it finds any vulnerability.
![Image of a noticiation](https://github.com/swisskyrepo/DamnWebScanner/blob/master/Screens/Notification.png?raw=true)
Currently it scans for: Currently it scans for:
- SQL Injection - SQL Injection
- Cross Site Scripting - Cross Site Scripting
@ -18,9 +20,9 @@ All the features are:
- Export vulnerabilities into a CSV file - Export vulnerabilities into a CSV file
- Launch scan when a form is submitted or a page is opened via the URL bar - Launch scan when a form is submitted or a page is opened via the URL bar
**Warnings :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a **BETA version**, many improvements will come don't worry **Warning :** Do not use this extension for illegal purpose, the main goal of it is to simplify the life of bug hunters. It's a **BETA version**, many improvements will come don't worry
**Warnings 2:** XSS Scanner seems to be broken due to an update in the Ghost lib. I'm working on a fix. **Warning 2:** XSS Scanner seems to be broken due to an update in the Ghost lib. I'm working on a fix.
## Install ## Install
You need to install and configure the server, it uses ghost and flask. You need to install and configure the server, it uses ghost and flask.
@ -40,8 +42,10 @@ var config_server = "http://127.0.0.1:8000";
4. Browse the internet ! (Don't forget to start the extension by clicking the 'START' button) 4. Browse the internet ! (Don't forget to start the extension by clicking the 'START' button)
You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App. You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App.
The SQL Injection scanner was also tested on https://pentesterlab.com/badges/essential. The SQL Injection scanner was also tested on https://pentesterlab.com/badges/essential.
![Image of DVWA Result](https://github.com/swisskyrepo/DamnWebScanner/blob/master/Screens/Results%20DVWA.png?raw=true)
## Debugging ## Debugging
@ -56,7 +60,7 @@ STDOUT
---[ POST - New parameter rememberme for url: http://[REDACTED]/login.php ]--- ---[ POST - New parameter rememberme for url: http://[REDACTED]/login.php ]---
XSS Failed  for rememberme with the payload : jaVasCript:alert(1)//" name=alert(1) ]'"><!-- XSS Failed  for rememberme with the payload : jaVasCript:alert(1)//" name=alert(1) ]'"><!--
LFI Failed  for rememberme with the payload : /etc/passwd LFI Failed  for rememberme with the payload : /etc/passwd
SQLi Failed  for rememberme with the payload : ' SQLi Detected  for rememberme with the payload : '
Time Based SQLi ( MySQL ) Failed  for rememberme with the payload : SLEEP(4) /*' || SLEEP(4) || '" || SLEEP(4) || "*/ Time Based SQLi ( MySQL ) Failed  for rememberme with the payload : SLEEP(4) /*' || SLEEP(4) || '" || SLEEP(4) || "*/
Time Based SQLi ( SQLite ) Failed  for rememberme with the payload : substr(upper(hex(randomblob(55555555))),0,1) /[*' or substr(upper(hex(randomblob(55555555))),0,1) or '" or substr(upper(hex(randomblob(55555555)])),0,1) or "*/ Time Based SQLi ( SQLite ) Failed  for rememberme with the payload : substr(upper(hex(randomblob(55555555))),0,1) /[*' or substr(upper(hex(randomblob(55555555))),0,1) or '" or substr(upper(hex(randomblob(55555555)])),0,1) or "*/
Time Based SQLi ( PostgreSQL ) Failed  for rememberme with the payload : (SELECT 55555555 FROM PG_SLEEP(4)) /*' || (SELECT 55555555 FROM PG_SLEEP(4)) || '" || (SELECT 55555555 FROM PG_SLEEP(4)) || "*/ Time Based SQLi ( PostgreSQL ) Failed  for rememberme with the payload : (SELECT 55555555 FROM PG_SLEEP(4)) /*' || (SELECT 55555555 FROM PG_SLEEP(4)) || '" || (SELECT 55555555 FROM PG_SLEEP(4)) || "*/

BIN
Screens/Notification.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB