Next-generation online security audit software

Source: Internet
Author: User

Bugscan (bugscan.net) is a B/S (browser/server) scanning platform recently developed by a Chinese expert. You only need to set up a Python environment locally to scan your website comprehensively. The new scanner also provides a plug-in API so that users can write plug-ins themselves and share them with other users. In the editor's local test, the scanning speed and results were very strong, and the crawler in particular was thorough.

The original text is as follows:
There is a wide variety of scanning software on the market, which can be summarized as two types:
1. Client software (such as WVS, Nessus, metaspo.pdf ...)
2. B/S mode (such as 360 online scanning, Knownsec ...)
Let's talk about the client first. A development company is responsible for updating the plug-ins, and paid products account for a large part.
In terms of scanning results, it is comprehensive: no matter what the website is, the full scan runs anyway. Reports exported from tools like WVS run to several MB, so I have to say it is top-level, but is it targeted? Does it fit the security situation in China? The people who use it must know that better than I do. It is a great tool for producing reports. But what should you do if you want to develop your own plug-ins? I am one of those people.
The services provided in B/S mode come in many forms. Website monitoring and Trojan warnings are a good choice for webmasters, but they have little practical effect for professional security enthusiasts: poor customization, poor controllability and little flexibility.
Therefore, a scanning platform that combines the client and B/S modes was born.
Whether you are a network security enthusiast, a passionate coder or a webmaster, it can meet one of your common requirements. It scans a website from every angle, not just a routine scan. You can use the plug-ins shared by others, and you can share the plug-ins you write with others. You can comment online on a plug-in's performance or make suggestions. If you are a webmaster of dozens of sites, you can use your own nodes and scan one or more clusters, however you like. If a website with a high-risk vulnerability is found, you must verify the vulnerability before you can view the vulnerability details. Scan for vulnerabilities and fix them.
If you know a little about programming and want to share some security vulnerabilities, you can use a simple online example to write a scanning plug-in right away. Someone will ask: what do I get for writing this plug-in? Will others pay me when they use it? If you ask this question, this is not suitable for you. It is only suitable for you if there is a bit of sharing spirit in your mind, if you once hoped that you would become a hacker. Colleagues currently working in the network security industry may ask what I can give to the people who provide vulnerabilities. I can only say: rank. Your contribution is always recorded on the website.
See the figure below:
 
Yes, as you can see, you are not scanning with a server we provide; you are running a scan engine yourself. You just need to install Python 2.7 and everything is there; you do not need to download any third-party installation packages. You only need one command, it executes entirely in memory and is fully portable, and most importantly, you can use the scan plug-ins that others have generously shared to address the latest security vulnerabilities, learn from others' experience and exchange knowledge.


The scanner identifies popular CMS in China
 
 


Injection vulnerabilities are detected whether they are in POST, cookie, GET, Referer or User-Agent:
 

The latest security vulnerabilities, including CMS 0-days, are also detected:
 

 
The following is an instance scan report:
 
There are always people who share and talk about the updates and returns here; just give it a try.

From: freebuf.com
