WiKi Security

WiKi WS

INTRODUCTION TO WiKi-WS
 

OVERVIEW (WiKi WS Scanner Website)


Our Web Application Scanner scans for over 50 well-known vulnerabilities and categorizes each finding into one of four severity levels: High, Medium, Low, and Information. Each detected vulnerability is analyzed according to the OWASP Top 10, CWE, and WASC standards, and the report gives its cause and remediation steps.

  • OWASP Top 10: A widely recognized list that identifies the ten most critical security risks to web applications. It is updated regularly by the Open Web Application Security Project (OWASP) and serves as a guideline for developers and security professionals to improve web application security. (https://owasp.org/www-project-top-ten)
  • CWE (Common Weakness Enumeration): A comprehensive list of software weaknesses and vulnerabilities. It categorizes and organizes various types of coding errors and vulnerabilities that could lead to security issues, helping developers and organizations prevent and mitigate these weaknesses. (https://cwe.mitre.org)
  • WASC (Web Application Security Consortium) Threat Classification: A framework that classifies web application security threats. It provides a detailed list of common web security issues and their potential impacts, helping organizations to better understand and address these threats. (http://projects.webappsec.org/Threat-Classification)

 

SCAN FEATURES


Scan Ruleset

This scanner applies over 50 web application vulnerability rulesets, and rules for newly discovered vulnerabilities are continually developed and added.

Information Gathering 

.env Information Leak
.htaccess Information Leak
Directory Browsing
ELMAH Information Leak
Heartbleed OpenSSL Vulnerability
Hidden File Finder
Remote Code Execution - CVE-2012-1823
Source Code Disclosure - /WEB-INF Folder
Source Code Disclosure - CVE-2012-1823
Spring Actuator Information Leak
Trace.axd Information Leak
User Agent Fuzzer

Injection

Buffer Overflow
Cloud Metadata Potentially Exposed
CRLF Injection
Cross Site Scripting (Persistent)
Cross Site Scripting (Reflected)
Format String Error
Parameter Tampering
Remote OS Command Injection
Server Side Code Injection
Server Side Include
Server Side Template Injection
Server Side Template Injection (Blind)
Spring4Shell
SQL Injection
SQL Injection - Hypersonic SQL
SQL Injection - MsSQL
SQL Injection - MySQL
SQL Injection - Oracle
SQL Injection - PostgreSQL
SQL Injection - SQLite
XML External Entity Attack
XPath Injection
XSLT Injection

Miscellaneous

External Redirect
Generic Padding Oracle
GET for POST
Log4Shell
Script Active Scan Rules
SOAP Action Spoofing
SOAP XML Injection

Server Security

Path Traversal
Remote File Inclusion

 

HOW TO USE


1.1 Create a user account

step 1

To prevent misuse, this scanner can be used after you create a user account according to the established procedure.
 
1.2 Scanner Menu

step 1

In the 'Scanner' menu, enter the URL to scan and the login information for that URL, then click the 'scan' button to start the scan.
(* The login URL, ID, and password are required only if the page requires login.)
 

step 2

When the scan is complete, the scan results are displayed below.
 

step 3

You can view the results of previous scans in the history box on the right.
 
1.3 Scan History Menu

step 1

In the scan history menu, you can view the history of your scans and the results of your previous scans.
 

step 2

Click the view button in the table to view the results of that scan.
 

step 3

Click the download button in the table to download the results of that scan.
 

© 2016. All Rights Reserved