Web Application Vulnerability Finder – Scant3R

Hey folks, in this tutorial we are going to talk about an automation tool that will help you to detect vulnerabilities in web applications. If you are a beginner then you can go with this tool as it will provide you with exploits so that you can easily find vulnerabilities on web application.

Lets take a look 🙂 !!

Installation

First we will download this tool from github page by execute git clone command on terminal. After downloading a directory will be created on the terminal. We need to install some other tool for that we will use pip tool.

git clone https://github.com/knassar702/scant3r
cd scant3r
python3 -m pip install -r requirements.txt
chmod x *
./scant3r

XVWA Vulnerable Lab

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. We recommend hosting this application in local/controlled environment and sharpening your application security ninja skills with any tools of your own choice. It’s totally legal to break or hack into this. The idea is to evangelize web application security to the community in possibly the easiest and fundamental way. Learn and acquire these skills for good purpose. How you use these skills and knowledge base is not our responsibility. We will use it to test our tool.
Author = s4n7h0
Github = https://github.com/s4n7h0/xvwa

OS Command Injection

Command injection is an attack in which attacker can execute the arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible due to input validation and when an application passes unsafe user supplied data (forms, cookies etc.) to a system shell. You can learn more about this attack on google in depth.

As we know that we are using the XVWA vulnerable web application. Now we will discover vulnerability of OS command injection on vulnerable server using following command.
Usage 🙂 ./scant3r -u ” –skip-headers –threads=50

• –threads = Max number of concurrent HTTP(s) requests (default 10)
• –skip-headers = Skip The Headers scanning processe

./scant3r -u '192.168.0.104/xvwa/vulnerabilities/cmdi/?target=' --skip-headers --threads=50

As you can see, this tool finds vulnerabilities on the web server without much effort.

Cross Site Scripting (XSS) – Reflected

Cross site Scripting allow an attacker to inject the malicious java script code into the web server but in case of reflected error message will be visible only to the current user.

Lets try to find the xss vulnerability by giving the required parameters in command.
Usage 🙂 ./scant3r -u ” –skip-headers –threads=50

./scant3r -u '192.168.0.104/xvwa/vulnerabilities/reflected_xss/?item=' --skip-headers --threads=50

As you can see that Its gives immediate results after gives the input. Here we have complete exploit by which uses we can check the vulnerability on the web server.

Server Side Template Injection (SSTI)

The advantage of ( SSTI ) is that you can generate dynamic HTML pages that, on the server side, read like static HTML Server-side. Server Side Template Injection is when an attacker is able to inject a malicious payload into a template. Next you can read from google.

Now we will only point to the unsafe input location in our command, after that it will automatically detect the vulnerability.
Usage 🙂 ./scant3r -u ” –skip-headers –threads=50

./scant3r -u 'http://192.168.0.104/xvwa/vulnerabilities/ssti/?name=cz&submit=' --skip-headers --threads=50

BOOM !! You can see that it gives the complete exploit by which we can check the vulnerability on the web application. For an example the multiplication are success.