| Scanner | Version | Vendor |
|---|---|---|
| Andiparos | 1.0.6 | Compass Security AG |

Tested Against WAVSEP Version:
Detection Accuracy (SQL Injection test cases): 77.21% detection rate (105/136), 40.00% false positives (4/10)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 19 out of 20 | Cases detected: 1 (1st & 2nd), 2-18. Cases missed: 19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 18 out of 20 | Cases detected: 1 (1st), 2-18. Cases missed: 1 (2nd), 19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 19 out of 20 | Cases detected: 1 (1st & 2nd), 2-18. Cases missed: 19 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 19 out of 20 | Inconsistent results (case 19). Cases detected: 1 (1st), 2-19. Cases missed: 1 (2nd) |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 13 out of 20 | Inconsistent results (minor). Cases detected: 1 (2nd), 3, 5-8, 11-13, 15-18. Cases missed: 1 (1st), 2, 4, 9, 10, 14, 19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 11 out of 20 | Cases detected: 3, 6-8, 11-13, 15-18. Cases missed: 1 (1st & 2nd), 2, 4, 5, 9, 10, 14, 19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 3 out of 8 | Cases detected: 1, 2, 3. Cases missed: 4-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 3 out of 8 | Cases detected: 1, 2, 3. Cases missed: 4-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 4 out of 10 | False positives on cases: 2, 4, 6, 8 |
Detection Accuracy (Reflected XSS test cases): 27.27% detection rate (18/66), 42.86% false positives (3/7)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Reflected XSS | HTTP GET (Query String Parameters) | 9 out of 33 | Cases detected: 1-6, 30 (1st & 2nd), 32. Cases missed: 7-29, 31 |
| Reflected XSS | HTTP POST (Body Parameters) | 9 out of 33 | Cases detected: 1-6, 30 (1st & 2nd), 32. Cases missed: 7-29, 31 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 3 out of 7 | False positives on cases: 1, 2, 6 |
The application was crawled and tested using two different methods: a single scan performed after crawling the main index page, and several individual crawling and scanning operations performed against each individual directory.

The scanning process was performed after enabling all the plugins in the following categories: HTML Injection, SQL Injection, Miscellaneous. The output word "SQL" seems to be a keyword in the detection process, and every appearance of it causes the tool to identify the page as vulnerable (as a result, it was removed from the static HTML of all the tested pages). The tool is still prone to various bugs, such as failure to generate reports, issues related to the alerts tab auto-refresh, and an unstable spider that sometimes requires several crawling operations.

Updated Obsolete File Scans: Plugins used: "Obsolete file", "Obsolete file extended check", "directory browsing". Scan process: used the spider twice on the obsolete files root directory, scanned twice from the obsolete files directory root, and once more from WAVSEP's root directory (so the scanner will have a chance to detect WEB-INF compressed folders).

Updated Unvalidated Redirect Scan: Plugins used: "External Redirect". Scan process: I limited the spider and scanner to run with a single thread only. I executed the spider on all the directories twice, but for some reason it didn't locate all the files and requests, so I manually submitted all the missing requests and accessed all the missing files. After verifying that all the files existed in each directory, I executed the scanner on each directory separately, and twice, before counting the results.
Detection Accuracy (WIVET): 10.0% detection rate
Initialized WIVET's session, limited the spider threads to a single thread and the depth to the maximum, defined the upstream proxy as Fiddler, in which I used the filter features to define a valid session identifier, and finally, I edited menu.php in WIVET and excluded the logout URL (100.php).