Write your own Acunetix Wvs Vulnerability Scan script in detail tutorial

AWVS provides a custom scripting interface, but there is very little information on the web, only an official few introductions and reference manuals, recently studied how to write a Awvs of the vulnerability script to write a simple article

This article takes 8.0 as an example, first of all install the Acunetix Web Vulnerability Scanner 8 (the cracked hack, the paid fee), and then we need to WVS public little sdk,:http://www.acunetix.com/ Download/tools/wvssdk.zip, after downloading the WVSS.exe to the WVS installation directory under the extracted bin directory, this is the WVS scripting tool. In addition, there are 3 simple script small examples and wvs_sdk_quick_introduction.pdf in the SDK, patience can be seen.

The following is the WVS Code script tool.

Open the WVS data directory, usually under C:\Documents and Settings\All Users\Application Data\acunetix WVS 8\data\scripts, you can see that there are 10 of folders , Network, Perfile, Perscheme, Postscan, Perfolder, PerServer, Postcrawl, WebApps, XML. Let's meet first:

Network: The script files in this directory are executed when the scanner completes the Port scan module, which detects the opening of the TCP port, such as whether the 21 port of FTP is open and whether anonymous logons are allowed;

Perfile: The script in this directory is executed when the scanner crawler crawls to the file, for example, you can check whether the current test file exists backup file, the contents of the current test file, etc.;

Perfolder: The script in this directory is executed when the scanner crawler crawls to the directory, for example, you can detect the current test directory for the existence of a column directory vulnerability;

Perscheme: The script in this directory detects the GET and post structure parameters for each URL, and Awvs defines the parameters including HTTP headers, Cookies, get/post parameters, file uploads (multipart/form-data) ... For example, you can detect XSS, SQL injection, and other application testing;

PerServer: The script in this directory is executed only once at the beginning of the scan, such as you can detect the Web server middleware type;

Postscan: The script in this directory only executes once after the scan is finished, such as you can detect storage-type XSS, storage-type SQL injection, storage-type file inclusion, storage-type directory traversal, storage-type code execution, storage-type file tampering, storage-type PHP code execution, etc.

XML: A detailed description of the vulnerability document is here.

The vulnerability demonstrated today is Discuz 7.2 of faq.php SQL injection, about vulnerability: Http://ha.cker.in/1087.seo

Let's use the POC to write a bug script!

Detection principle:

A special request is constructed based on a public POC, and if SQL injection is present, the SQL statement constructed will execute successfully and return to the response content, constructing the POC as follows:

Faq.php?action=grouppermission&gids[99]= ' &gids[100][0]=)%20and%20 (select%201%20from%20 (Select%20count ( *), concat ((select%200x4861636b656442795365636572), Floor (rand (0))) x%20from%20information_schema%20.tables% 20group%20by%20x) a)%23

Exploit, the presence of a vulnerability would return the word "hackedbysecer":

We need to use Wvs's script to request this URL and process the returned content to determine if there is a vulnerability.

Open Awvs,tools-Vulnerability Editor, right-click vulnxmls node, select ' Add vulnerability '

Create a new vulnerability, vulnxml filename to discuz7.2faqsqlinjection, click the Add button (the new vulnxml will be saved to the XML folder.)

Next, register the information about the vulnerability

Then go to Wvss script and save it as discuz7.2faqsqlinjection.script into the PerServer folder.

Test script:

Crawl sites using Awvs's web crawler and save results,

Select the root directory here

Click the Small triangle button to test

The complete code is as follows

Test succeeded, I went to the WVS scan to test the scan to see ~

Our new vulnerability script here, scanning profiles– "Perfolder directory, create a new scan template check the script to be tested and save it, save it as" Test_ha. Cker. In, then use this template to scan the target station for testing.

Select a template and start scanning

When the scan is complete, the results

The vulnerability script has been repeatedly detected many times and the next update fixes the problem.

I am not, this time on the Awvs custom script to write a simple introduction to this, just to do an example to show you, these APIs are not very detailed I am not very good at writing, more APIs and so you go to dig it!

Reference:

Http://www.acunetix.com/vulnerability-scanner/scriptingreference/index.html

http://www.acunetix.com/blog/docs/creating-custom-checks-acunetix-web-vulnerability-scanner/

Write your own Acunetix Wvs Vulnerability Scan script in detail tutorial