Pentest website using acunetix (part 1) – All things in moderation

Pentest website using acunetix (part 1)

Table of contents

  1. Introduction
  2. Installing Acunetix
  3. Overview
  4. Scanning a website (GUI)
  5. Scanning a website (command line)
  6. Analysing Scan results
  7. Scanning Web services
  8. Generating Reports
  9. Acunetix Reports
  10. Scheduling Scans

 

  1. Introduction

    Acunetix web vulnerability scanner is a tool designed to discover security holes in your web applications that an attacker would likely abuse to gain illicit access to your systems and data. It looks for multiple vulnerabilities including SQL injection, cross-site scripting, and weak passwords.
    The application can be used to scan for web and application vulnerabilities and to perform penetration testing against the identified vulnerabilities. Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested.

  2. Installing Acunetix

    You can download it from the official website: http://www.acunetix.com/vulnerability-scanner/download/
    and install it like any other software.
    Note: If you do not receive the download link after entering your information, the IP range of your location may not be supported;
    you can change your IP to a US one with the Firefox extension anonymoX.
    Acunetix runs only on the Windows operating system.

  3. Overview

    This is the user interface you see when you start Acunetix.
    Acunetix Web Vulnerability Scanner allows you to secure your website quickly and efficiently.
    It consists of the following components:

    1. Web scanner

      The Web Scanner launches an automatic security audit of a website. A website security
      scan typically consists of two phases:
      1. Crawling – Making use of Acunetix DeepScan, Acunetix Web Vulnerability Scanner
      automatically analyzes and crawls the website in order to build the site’s structure.
      The crawling process enumerates all files and is vital to ensure that all the files of
      your website are scanned.
      2. Scanning – Acunetix Web Vulnerability Scanner launches a series of web vulnerability
      checks against each file in your web application – in effect, emulating a hacker. The
      results of a scan are displayed in the Alert Node tree and include comprehensive
      details of all the vulnerabilities found within the website.

    2. Port scanner

      The Port Scanner performs a port scan against the web server hosting the scanned website.
      Where open ports are found, Acunetix Web Vulnerability Scanner will perform network level
      security checks against the network service running on that port. These include DNS Open
      Recursion tests, badly configured proxy server tests, weak SNMP community strings, and
      many other network level security checks.

    3. Target Finder

      The Target Finder is a scanner that allows you to locate web servers (generally on ports 80,
      443) within a given range of IP addresses. If a web server is found, the scanner will also
      display the response header of the server and the web server software. The port numbers to
      scan are configurable.

    4. Subdomain Scanner

      Using various techniques, the Subdomain Scanner allows fast and easy identification of
      active subdomains of a top-level domain. The Subdomain Scanner can be configured to use
      the target’s DNS server or any other DNS server specified by the user.

    5. Blind SQL injector

      Ideal for penetration testers, the Blind SQL injector is an automated database data extraction
      tool with which you can make manual tests to further analyze SQL injections reported during
      a scan.

    6. HTTP editor

      The HTTP Editor allows you to create, analyze, and edit client HTTP requests and server
      responses. It also contains an encoding and decoding tool to encode / decode text and URLs
      to MD5 hashes, UTF-7 formats and many other formats.

    7. HTTP sniffer

      The HTTP Sniffer acts as a proxy and allows you to capture, examine and modify HTTP
      traffic between an HTTP client and a web server. You can also enable, add or edit traps to
      capture traffic before it is sent to the web server or back to the web client.

    8. HTTP Fuzzer

      The HTTP Fuzzer enables you to launch a series of sophisticated fuzzing tests to audit the
      web application’s handling of invalid and unexpected random data. The HTTP Fuzzer also
      allows you to easily create input rules for further testing in Acunetix Web Vulnerability
      Scanner.

    9. Authentication Tester

      With the Authentication Tester you can perform a dictionary attack against login pages that
      use either HTTP (NTLM v1, NTLM v2, digest) or form-based authentication. This tool uses two predefined text files (dictionaries) containing a list of common usernames and passwords.
      You can add your own combinations to these text files.

    10. Webservice Scanner and webservice editor

      The Web Services Scanner allows you to launch automated vulnerability scans against
      WSDL based Web Services. Web Services are commonly used to exchange data and
      generally vulnerabilities in Web Services can easily be exploited in order to leak sensitive
      information.
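
      Seen from the server side, the dictionary attack described under the Authentication Tester shows up as a burst of failed logins from one client. The following is an added example, not part of the original post or of Acunetix: it flags such bursts in a combined-format access log, assuming a hypothetical login path /login.php and that the form answers a successful login with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/login.php"       # assumption: the form-based login endpoint
WINDOW = timedelta(seconds=60)  # assumption: tune to your own traffic
THRESHOLD = 5                   # failed attempts per client inside WINDOW

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_failed_login(method, path, status):
    # 401: rejected HTTP (NTLM/digest) authentication.
    # Assumption: the form answers a good login with a 302 redirect.
    if status == 401:
        return True
    return method == "POST" and path.split("?")[0] == LOGIN_PATH and status != 302

def find_dictionary_attacks(lines):
    """Map client IP -> most failures seen in one WINDOW, if >= THRESHOLD."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        if not is_failed_login(m["method"], m["path"], int(m["status"])):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    f'203.0.113.7 - - [04/Aug/2016:10:00:{s:02d} +0000] "POST /login.php HTTP/1.1" 200 1532'
    for s in range(0, 12, 2)
] + [
    '198.51.100.20 - - [04/Aug/2016:10:01:00 +0000] "POST /login.php HTTP/1.1" 200 1532',
    '198.51.100.20 - - [04/Aug/2016:10:01:09 +0000] "POST /login.php HTTP/1.1" 302 0',
    '192.0.2.9 - - [04/Aug/2016:10:02:00 +0000] "GET /admin/ HTTP/1.1" 401 381',
    '192.0.2.9 - - [04/Aug/2016:10:02:01 +0000] "GET /admin/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(find_dictionary_attacks(SAMPLE))
```

      A single 401 followed by a 200 is normal for NTLM and digest handshakes, so the threshold should stay above what one legitimate login produces.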

      In this post, I’ve shown you an introduction to and overview of Acunetix Vulnerability Scanner; I hope it’s useful. In the next post I’ll show you how to install Acunetix and scan a website with it.
      References:
      http://www.acunetix.com/resources/wvsmanual.pdf

      Part2: http://hydrasky.com/2016/08/04/pentest-website-using-acunetix-part-2/
