Scantrics Tools
Scantrics offers 11 security testing tools that scan for and identify vulnerabilities in websites and web applications.
Website Scanner
How it works?
The Website Vulnerability Scanner takes a target URL as its parameter. The tool needs the full URL of the target, including the http:// or https:// scheme. Because the tool does not follow redirects, exactly the URL given is scanned; if that URL answers with a redirect, the page it points to is not assessed.
The Website Vulnerability Scanner assesses a web application by sending it multiple HTTP requests. Quick Scan generates up to 20 HTTP requests to the server, while Full Scan can generate more than 10,000.
Because Full Scan is a much more comprehensive assessment than Quick Scan, it can take several hours to complete. During that time the tool crawls the whole web application, runs multiple security tests, analyses the application's responses, identifies security vulnerabilities and collects the results in a report.
Full Scan is driven by a set of plugins, each with a specific capability. For example, the SQL Injection plugin sends SQL injection payloads and checks whether the web application is vulnerable to them. Depending on the complexity of the web application, each plugin may generate a large number of requests, which is what makes Full Scan slow.
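The scanning loop described above, as an added illustration and not Scantrics code: a plugin-driven crawler that insists on a full URL, refuses to follow redirects, runs every plugin on every page it fetches and stops when the Quick or Full request budget is spent. The site it crawls (example.com pages, the nginx Server header, the login form) is a constructed in-memory stub so the example runs offline; the two plugins are hypothetical stand-ins for the scanner's real ones.

```python
import re
from collections import deque
from urllib.parse import urljoin, urlsplit

# Request budgets per mode, as stated on the page: Quick up to 20, Full 10,000+.
BUDGET = {"quick": 20, "full": 10_000}

# Constructed target: URL -> (status, headers, body), standing in for a live site so
# the example runs offline. A real transport would be an HTTP client with redirects disabled.
FAKE_SITE = {
    "https://example.com/": (200, {"Server": "nginx/1.18.0"},
        '<a href="/login">login</a> <a href="/about">about</a> <a href="http://cdn.example.net/x">cdn</a>'),
    "https://example.com/login": (200, {"Server": "nginx/1.18.0"},
        '<form method="post" action="/login"><input name="user"><input name="pass" type="password"></form>'),
    "https://example.com/about": (200, {"Server": "nginx/1.18.0"}, "<p>about</p>"),
    "https://example.com/old": (301, {"Location": "https://example.com/"}, ""),
}

def fake_transport(url):
    """Stub GET that never follows redirects; unknown paths answer 404."""
    return FAKE_SITE.get(url, (404, {}, "not found"))

def validate_target(url):
    """The scanner needs a full URL: scheme (http/https) and host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("target must be a full URL including http:// or https://")
    return url

# A plugin is a callable (url, status, headers, body) -> list of finding strings.
def form_inventory_plugin(url, status, headers, body):
    """Record each HTML form: these are the inputs later injection plugins will attack."""
    if not re.search(r"<form[^>]*>", body, flags=re.I):
        return []
    inputs = len(re.findall(r"<input\b", body, flags=re.I))
    return [f"{url}: form with {inputs} input(s)"]

def server_banner_plugin(url, status, headers, body):
    """Flag a Server header that discloses the product version (e.g. nginx/1.18.0)."""
    srv = headers.get("Server", "")
    return [f"{url}: Server header discloses version '{srv}'"] if "/" in srv else []

PLUGINS = [form_inventory_plugin, server_banner_plugin]

def scan(target, mode="quick", budget=None, transport=fake_transport, plugins=PLUGINS):
    """Crawl same-origin links starting from the exact target URL, run every plugin on
    every page fetched, and stop when the mode's request budget is spent."""
    target = validate_target(target)
    origin = urlsplit(target).netloc
    limit = BUDGET[mode] if budget is None else budget
    queue, seen, requests, findings = deque([target]), {target}, 0, []
    while queue and requests < limit:
        url = queue.popleft()
        status, headers, body = transport(url)
        requests += 1
        if 300 <= status < 400:
            # Redirects are reported, not followed: the URL the user gave is what gets scanned.
            findings.append(f"{url}: redirects to {headers.get('Location')} (not followed)")
            continue
        for plugin in plugins:
            findings.extend(plugin(url, status, headers, body))
        for href in re.findall(r'href="([^"]+)"', body, flags=re.I):
            link = urljoin(url, href)
            if urlsplit(link).netloc == origin and link not in seen:
                seen.add(link)
                queue.append(link)
    return {"requests": requests, "findings": findings}
```

Calling `scan("https://example.com/old")` spends one request and reports the redirect without crawling the public site behind it, which is the behaviour to expect from a scanner that does not follow redirects: give it the final URL, not one that bounces. The `budget` override shows why Full Scan takes hours: the same crawl with `budget=1` stops after the first page and finds nothing on the login form.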
TCP Port Scanner
How it works?
TCP Port Scanner is built on Nmap, the de-facto standard tool for finding open ports and services, which lets users run a set of scans against a target host. TCP Port Scanner therefore behaves the same way Nmap does. Users only need to supply the target IP address or hostname; the tool resolves the hostname through DNS before sending any probes to the target.
First it performs host discovery to check that the host is live before probing its ports. It then probes for listening TCP ports on the target and runs service detection against each open port. For example, when TCP Port Scanner finds port 80 or 443 open, it checks which service is listening, such as Apache or Nginx, and which version it reports.
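The three stages above (resolution, host discovery, open-port and service detection) as an added example in plain Python sockets, not Scantrics or Nmap code. It is a TCP connect scan, which is what Nmap's `-sT` does, and it fingerprints a service by sending an HTTP HEAD request and reading the Server header. The target is a constructed local listener on 127.0.0.1 that answers with an nginx-style banner, so the example runs without touching any real host; the banner text is made up.

```python
import re
import socket
import threading

# Constructed stand-in for a real target: a local listener that answers any request
# with an nginx-style HTTP banner. Not a web server, just enough to be fingerprinted.
FAKE_BANNER = b"HTTP/1.0 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n"

def start_fake_service(banner=FAKE_BANNER):
    """Start the stub on an ephemeral 127.0.0.1 port; returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # server socket closed: stop serving
                return
            with conn:
                try:
                    conn.settimeout(1.0)
                    conn.recv(1024)  # wait for the scanner's probe, then answer
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def free_closed_port():
    """Pick a port nothing is listening on (bind to 0, read the number, release it)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def probe_port(host, port, timeout=1.0):
    """TCP connect scan of one port. Returns (state, service).
    A refused connection still proves the host is up; no answer at all is 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")   # HTTP probe for service detection
            data = s.recv(1024)
    except ConnectionRefusedError:
        return "closed", None
    except (socket.timeout, OSError):
        return "filtered", None
    m = re.search(rb"^Server:\s*(.+?)\r?$", data, re.M | re.I)
    service = m.group(1) if m else data.split(b"\r\n", 1)[0]
    return "open", service.decode(errors="replace")

def host_is_live(host, ports, timeout=1.0):
    """Host discovery: an open or closed answer on any port means something is there."""
    return any(probe_port(host, p, timeout)[0] in ("open", "closed") for p in ports)

def scan(host, ports, timeout=1.0):
    host_ip = socket.gethostbyname(host)          # DNS resolution before probing
    if not host_is_live(host_ip, ports, timeout):
        return {"host": host_ip, "live": False, "ports": {}}
    results = {p: dict(zip(("state", "service"), probe_port(host_ip, p, timeout))) for p in ports}
    return {"host": host_ip, "live": True, "ports": results}
```

The closed/filtered distinction matters more than it looks: a host behind a firewall that drops packets yields only timeouts, so a scanner that treats "no answer" as "host down" will skip it entirely. Nmap's host discovery uses ICMP and ARP as well as TCP probes for exactly this reason; the version here only has TCP to work with.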
Subdomain Scanner
How it works?
• The Subdomain Scanner takes a target domain name as its parameter. The tool uses multiple techniques to discover subdomains:
  • Gathering DNS records (NS, MX, TXT, AXFR). Records such as NS, MX and TXT often name hosts under the target domain. The tool also requests a DNS zone transfer (AXFR) from the target's name servers; if a server is misconfigured to allow it, this returns every record in the zone at once.
  • Performing DNS enumeration with a specially chosen wordlist. The wordlist holds the subdomain names most commonly in use. The tool brute-forces subdomains by resolving each name in the list in turn and keeping those that get an answer. If the zone uses wildcard DNS, every name resolves, so the results of this technique are only meaningful after checking that a random label does not resolve.
  • Querying public search engines. The Subdomain Scanner runs queries on public search engines such as Google or Bing and extracts subdomains from the results. For instance, searching for “site:example.com” on Google returns any indexed subdomains of example.com.
  • Applying word mutation techniques. The tool mutates the common subdomain names by changing some letters, appending numbers or reordering the parts of a name, and resolves those variants too.
  • Searching in SSL certificates. Certificates are often issued for several subdomains at once, and every hostname a certificate covers is listed in its Subject Alternative Name field, so one certificate can reveal many subdomains. A wildcard certificate (*.example.com) is the exception: it covers every subdomain without naming any, so it reveals nothing on its own.
  • Parsing HTML links. The tool crawls the target domain and checks whether any HTML links (href attributes) point to a different hostname. For example, www.example.com might link to admin.example.com. This technique only finds subdomains that appear in an href attribute.
  • Reverse DNS lookup on target IP ranges. The Subdomain Scanner performs reverse DNS lookups across the target's IP ranges and collects the hostnames returned in PTR records, which reveals subdomains hosted in those ranges.
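Four of the techniques above (wordlist brute force, word mutation, href parsing and reverse DNS across an IP range) combined into one enumeration routine, together with the wildcard-DNS check that keeps brute-force results honest. This is an added example, not Scantrics code, and it runs offline: the A and PTR records, the sample HTML and the 203.0.113.0/27 range are constructed test data, and `resolve`/`reverse` are stand-ins for `socket.gethostbyname` and `socket.gethostbyaddr`. Zone transfer, search-engine queries and certificate parsing need network access or third-party libraries and are not shown.

```python
import ipaddress
import random
import string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed DNS data standing in for live lookups (A and PTR records).
FAKE_A = {
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.20",
    "dev2.example.com": "203.0.113.30",
    "admin.example.com": "203.0.113.10",
}
FAKE_PTR = {
    "203.0.113.10": "www.example.com",
    "203.0.113.20": "mail.example.com",
    "203.0.113.30": "dev2.example.com",
    "203.0.113.31": "staging.example.com",
}
# Constructed page content, as a crawler might fetch from www.example.com.
SAMPLE_HTML = ('<a href="https://admin.example.com/login">admin</a> '
               '<a href="/relative">x</a> <a href="https://other.org/">elsewhere</a>')

def resolve(name):          # stand-in for socket.gethostbyname
    return FAKE_A.get(name)

def reverse(ip):            # stand-in for socket.gethostbyaddr
    return FAKE_PTR.get(ip)

def wildcard_dns(domain, resolve=resolve):
    """If a random label resolves, the zone is a wildcard and brute-force hits mean nothing."""
    label = "".join(random.choices(string.ascii_lowercase, k=16))
    return resolve(f"{label}.{domain}") is not None

def mutate(words, max_n=3):
    """Word mutation: numeric suffixes, hyphenated variants and re-ordered pairs of labels."""
    out = set(words)
    for w in words:
        for n in range(1, max_n + 1):
            out.update({f"{w}{n}", f"{w}-{n}", f"{w}0{n}"})
    for a in words:
        for b in words:
            if a != b:
                out.update({f"{a}-{b}", f"{b}-{a}"})
    return sorted(out)

def brute_force(domain, words, resolve=resolve):
    """Resolve every candidate label; refuse to report anything for a wildcard zone."""
    if wildcard_dns(domain, resolve):
        return set()
    return {f"{w}.{domain}" for w in words if resolve(f"{w}.{domain}")}

class HostCollector(HTMLParser):
    """Pull hostnames out of href attributes while crawling."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                host = urlsplit(value).hostname
                if host:
                    self.hosts.add(host.lower())

def hosts_from_html(domain, html):
    parser = HostCollector()
    parser.feed(html)
    return {h for h in parser.hosts if h.endswith("." + domain)}

def reverse_sweep(domain, cidr, reverse=reverse):
    """PTR lookup of every address in the range; keep names under the target domain."""
    found = set()
    for ip in ipaddress.ip_network(cidr):
        name = reverse(str(ip))
        if name and name.endswith("." + domain):
            found.add(name)
    return found

def enumerate_subdomains(domain, words, html="", cidr=None):
    found = brute_force(domain, mutate(words))
    found |= hosts_from_html(domain, html)
    if cidr:
        found |= reverse_sweep(domain, cidr)
    return sorted(found)
```

Each technique finds something the others miss here: `dev2` only appears through mutation, `admin` only in a link, `staging` only in a PTR record. That is why the scanner stacks several sources rather than relying on a wordlist alone.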
XSS Scanner
How it works?
The XSS Vulnerability Scanner takes a target URL as its parameter. The tool needs the full URL of the target, including the http:// or https:// scheme. Because the tool does not follow redirects, exactly the URL given is scanned.
This tool runs a security check by replacing the original parameters of a test step with harmless strings that resemble the malicious strings used in real attacks. It injects these strings into both XML elements and JSON fields.
The XSS scanner then uses assertions to validate requests and responses and checks whether they contain any indication of a potential web application vulnerability. ‘PASS’ will be logged for all
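The replace-and-assert cycle above, as an added example that is not Scantrics code. A harmless canary carrying the characters an attack needs (quotes and angle brackets) is substituted into each form parameter and into each string field of a JSON document in turn; the assertion logs FAIL only when the canary comes back unencoded. The handlers are constructed stand-ins for a target endpoint, one deliberately vulnerable and one with output encoding; XML injection follows the same pattern and is not shown.

```python
import html
import json

# Harmless marker with the characters a real XSS payload needs (quotes, angle
# brackets) but nothing executable; if it comes back verbatim, output is not encoded.
CANARY = 'xssprobe"\'<>'
ENCODED_CANARY = html.escape(CANARY, quote=True)

# Constructed target handlers standing in for a real application endpoint.
def vulnerable_handler(params):
    """Form parameter interpolated straight into HTML (deliberately vulnerable)."""
    return f"<p>Welcome back, {params.get('name', '')}</p>"

def hardened_handler(params):
    """Same page with HTML output encoding applied."""
    return f"<p>Welcome back, {html.escape(params.get('name', ''), quote=True)}</p>"

def vulnerable_json_handler(body):
    """JSON API that echoes a nested field into an HTML fragment (deliberately vulnerable)."""
    doc = json.loads(body)
    return f"<div class='user'>{doc['user']['display_name']}</div>"

def string_leaf_paths(doc, prefix=()):
    """Every path to a string leaf in a JSON document: these are the injection points."""
    if isinstance(doc, dict):
        for k, v in doc.items():
            yield from string_leaf_paths(v, prefix + (k,))
    elif isinstance(doc, list):
        for i, v in enumerate(doc):
            yield from string_leaf_paths(v, prefix + (i,))
    elif isinstance(doc, str):
        yield prefix

def inject_into_json(doc, path, value):
    """Deep copy of doc with the string at path replaced by value; other fields untouched."""
    doc = json.loads(json.dumps(doc))
    node = doc
    for key in path[:-1]:
        node = node[key]
    node[path[-1]] = value
    return doc

def verdict(response):
    """The assertion applied to each response: FAIL only if the canary is reflected raw."""
    return "FAIL" if CANARY in response else "PASS"

def check_form(handler, params):
    """One test step per parameter: swap it for the canary, keep the others intact."""
    results = {}
    for key in params:
        probe = dict(params)
        probe[key] = CANARY
        results[key] = verdict(handler(probe))
    return results

def check_json(handler, sample):
    """One test step per string field of the sample document."""
    results = {}
    for path in string_leaf_paths(sample):
        probe = inject_into_json(sample, path, CANARY)
        results["/".join(map(str, path))] = verdict(handler(json.dumps(probe)))
    return results
```

A PASS here means the canary was either absent or HTML-encoded in the body. Reflection inside a script block or an attribute can still be exploitable with a different encoding, so a production scanner runs several context-specific canaries, not just this one.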
Virtual Host Scanner
How it works?
Users of Virtual Host Scanner only need to supply either an IP address or a hostname as the target parameter. The tool finds virtual hosts that share the same IP address as the apex (root) domain.
The tool then runs the scan using several discovery techniques:
Querying public search engines
The query is usually a Google dork such as “site:example.com”, which returns the subdomains Google has indexed.
DNS resolution
Translating the IP address into a hostname. This means contacting a DNS server and requesting the PTR record for a specific IP, which answers with the hostname (if any) registered for it.
Analysing web redirects
Some websites link or redirect visitors to another subdomain. The Virtual Host Scanner therefore crawls the site and records redirects and links (for example in href attributes) that point at other hostnames.
Searching in SSL certificates
Reading the hostnames listed in the SSL/TLS certificate's Subject Alternative Name field. Web developers and network administrators frequently cover a domain and several of its subdomains with one certificate for manageability, so a single certificate can expose many hostnames. A wildcard certificate (*.example.com) names no individual subdomain and reveals nothing by itself.
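The techniques listed above produce candidate names; confirming that a name is actually served from the target IP is a separate step, shown here as an added example that is not Scantrics code. It sends requests to the IP address directly with each candidate in the Host header and keeps those whose response differs from a baseline obtained with a random, non-existent hostname. The server is a constructed local stub on 127.0.0.1 hosting three made-up example.com virtual hosts.

```python
import http.client
import random
import string
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for one IP address serving several name-based virtual hosts.
VHOSTS = {
    "www.example.com":   (200, b"<h1>Public site</h1>"),
    "admin.example.com": (200, b"<h1>Admin console</h1><form action='/login'></form>"),
    "dev.example.com":   (403, b"Forbidden"),
}
DEFAULT = (200, b"<h1>Public site</h1>")  # served for any Host the server does not know

class VHostHandler(BaseHTTPRequestHandler):
    """Pick the response by the Host header, as a name-based vhost server does."""
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0].lower()
        status, body = VHOSTS.get(host, DEFAULT)
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence request logging
        pass

def start_fake_server():
    """Bind the stub to an ephemeral 127.0.0.1 port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def fetch(ip, port, host):
    """GET / from the IP address directly, with an explicit Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=3)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()

def find_vhosts(ip, port, domain, candidates):
    """Probe each candidate hostname against the IP and keep those whose response
    differs from the baseline obtained with a random, non-existent Host."""
    junk = "".join(random.choices(string.ascii_lowercase, k=12))
    baseline = fetch(ip, port, f"{junk}.{domain}")
    found = {}
    for label in candidates:
        host = f"{label}.{domain}"
        resp = fetch(ip, port, host)
        if resp != baseline:
            found[host] = resp
    return found
```

Note the blind spot: `www.example.com` is not reported, because it is also the server's default virtual host and so looks identical to the baseline. The default site is known anyway from the IP itself; what this technique surfaces are the hosts that differ from it, like the admin console and the 403 on `dev`.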
SQL Injection Scanner
How it works?
It is important to protect your web applications from SQL injection before attackers find the flaw, by using proper defences such as parameterised queries and input validation rather than building SQL text from user input.
Our SQL injection scanner is based on the OWASP ZAP engine. OWASP ZAP is currently one of the most popular open-source vulnerability assessment tools and is supported by hundreds of developers and other community members.
The tool tests for SQL injection by inserting special characters into every form field of the target web application and observing how the page's behaviour changes. In most cases, a database error appearing in the page indicates that the web application is likely vulnerable to SQL injection. Errors are only one signal: an injection that alters results without producing an error (blind SQL injection) has to be detected by comparing responses or timing instead.
Reach Us
Contact Us
We are here to help.
• Get in touch to learn more about how we can help you.
• Whether you have a question about our products, services, pricing, need a consultation
session, or anything else, our team is ready to answer all your questions.
• We want to ensure that we are reachable to you whenever you need help. Reach us from
any channel below at your convenience.
Sales Inquiries
sales@primaryguard.com
Partnerships
corporatePR@primaryguard.com
Technical Support
techdev@primaryguard.com
Our Offices
CYBERJAYA, MALAYSIA (Headquarters)
Blok 4805-02-08, Jalan Flora CBD
Perdana 2,​ Cyber 12, Cyberjaya,
Selangor 63000, Malaysia
Tel: +603 8601 0561
Thank you
Web App Scanners | Scanning Tools