Website Vulnerability Scanner

Scan Website Online for Common Vulnerabilities & Server Configuration Issues


Contents of the Report

Here is what you can expect in Scantrics’ Website Vulnerability Scanner report:

Use Cases for the Website Vulnerability Scanner

Scantrics’ automated scanning tool crawls and analyses the entire website. It inspects all discoverable webpages, files, and directories.

The Website Vulnerability Scanner maps the website structure, audits it for common web application security vulnerabilities, and then runs a series of security tests. Vulnerabilities found are cross-matched against published CVE (Common Vulnerabilities and Exposures) entries and included in the report.

Performing a web vulnerability assessment helps your developers keep up to date with the latest web technologies and platforms. Web developers can identify issues specific to the technology or platform a website uses, such as PHP, MySQL, WordPress CMS, and so on.

It is important to know the issues and vulnerabilities associated with a given web technology, because malicious actors build their attacks around specific known vulnerabilities.

For example, a WordPress-based site might have several issues in its currently installed plugins that an attacker can exploit. The developer therefore needs to prevent a breach by applying mitigations or upgrading the plugins to the latest version.

Developing a website is a long and complicated process, especially when building a complex web application that performs lots of different functions and transactions. Developers might miss or overlook some web configurations that are vulnerable.

Attackers will always look for a way to breach the web application. They may take advantage of a web configuration the developer is not aware of. Some misconfigurations let an attacker list the contents of a directory on the web server and steal sensitive files from it.

For example, attackers might leverage the HTTP PUT method to upload a malicious file and execute it to obtain an OS shell on the web server. Many such misconfigurations are easily overlooked, so the Website Vulnerability Scanner helps the web developer determine a correct configuration that attackers cannot exploit.

Technical Details

A website is a collection of webpages and related content that is identified by a common domain name and published on a web server. It can consist of several technologies, including front-end programming, back-end programming, and a database. Each technology has its own purpose, along with vulnerabilities that can serve as an entry point for attackers to perform web attacks.

The Website Vulnerability Scanner is a specially designed tool that performs security assessments on any type of web application and provides a comprehensive report of a website's security vulnerabilities.

The Website Vulnerability Scanner offers two types of scan: Quick Scan and Full Scan.
Tests performed in both Quick Scan and Full Scan:
- Web server fingerprinting
- Check for any known vulnerabilities on the server
- Analyse HTTP headers for any security misconfiguration
- Analyse for strange URLs in robots.txt
- Check the security of HTTP cookies
- Check the server's SSL certificate
- Check for interesting files with different extensions
- Discover common issues in web server configuration, such as directory listing

Tests performed in Full Scan only:
- Find administrative pages
- Check for SQL Injection
- Check for Cross-Site Scripting (XSS)
- Check for Local File Inclusion (LFI) and Remote File Inclusion (RFI)
- Check for OS Command Injection
- Check for outdated JavaScript libraries
- Check for sensitive files (archives, backups, certificates, and key stores)
- Attempt to find interesting files/functionality
- Check for information disclosure issues

IMPORTANT: A Full Scan generates a large number of requests on the network. Most properly configured firewalls will identify this traffic as an attack. Users must obtain proper authorisation from the target website owner before using it.
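The passive checks listed for the Quick Scan (web server fingerprinting, HTTP header analysis, cookie security, directory listing) and the HTTP PUT and directory listing misconfigurations described under Use Cases can be illustrated with a small offline audit. The following is an added example written for this page, not Scantrics' scanner code: it runs the checks against two constructed HTTP responses, one from a misconfigured server and one from the same server after hardening. The header checklist, the set of risky methods and the "Index of" signature are this example's own assumptions.

```python
import re
from email.parser import Parser

# Our own checklist of response headers a hardened site should send
# (an assumption for this example, not the scanner's exact rule set).
EXPECTED_HEADERS = {
    "Strict-Transport-Security": "HSTS header missing; browsers may be downgraded to plain HTTP",
    "Content-Security-Policy": "CSP header missing; no restriction on script sources",
    "X-Content-Type-Options": "X-Content-Type-Options missing; browsers may MIME-sniff responses",
    "X-Frame-Options": "X-Frame-Options missing; page can be framed (clickjacking)",
}

# HTTP methods that should not be enabled on a content web root (assumption).
RISKY_METHODS = {"PUT", "DELETE", "TRACE"}


def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body).
    headers is an email.message.Message so repeated Set-Cookie lines survive."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_text = head.partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = Parser().parsestr(header_text, headersonly=True)
    return status, headers, body


def check_headers(headers):
    """Missing security headers plus a version-disclosing Server header."""
    findings = []
    for name, reason in EXPECTED_HEADERS.items():
        if headers.get(name) is None:
            findings.append(f"header: {reason}")
    server = headers.get("Server", "")
    # A version number in Server lets an attacker pick exploits by version
    # (this is what the fingerprinting check looks for).
    if re.search(r"/\d", server):
        findings.append(f"fingerprint: Server header discloses version ({server})")
    return findings


def check_cookies(headers):
    """Each Set-Cookie must carry Secure and HttpOnly."""
    findings = []
    for cookie in headers.get_all("Set-Cookie") or []:
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie: {name} lacks Secure (sent over plain HTTP)")
        if "httponly" not in attrs:
            findings.append(f"cookie: {name} lacks HttpOnly (readable by script)")
    return findings


def check_methods(headers):
    """Allow header from an OPTIONS response, e.g. 'GET, POST, PUT'."""
    allow = headers.get("Allow", "")
    enabled = {m.strip().upper() for m in allow.split(",") if m.strip()}
    return [f"method: {m} enabled on this path" for m in sorted(enabled & RISKY_METHODS)]


def check_directory_listing(status, body):
    """Apache/nginx autoindex pages carry an 'Index of /...' title."""
    if status == 200 and re.search(r"<title>\s*Index of /", body, re.I):
        return ["config: directory listing enabled (Index of page returned)"]
    return []


def audit(raw_response):
    """Run every check and return the list of findings (empty if clean)."""
    status, headers, body = parse_response(raw_response)
    return (check_headers(headers) + check_cookies(headers)
            + check_methods(headers) + check_directory_listing(status, body))


# Constructed sample: a weak response such as a misconfigured server might return.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Allow: GET, POST, PUT, DELETE\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Index of /uploads</title></head><body>...</body></html>"
)

# Constructed sample: the same server after hardening.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Allow: GET, POST, HEAD\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Uploads</title></head><body>...</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        findings = audit(raw)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The weak response produces ten findings (four missing headers, a version-disclosing Server header, two cookie flags, PUT and DELETE in Allow, and a directory listing); the hardened one produces none. Each check reads only headers and body the server already sent, which is why a Quick Scan of this kind needs very few requests.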

How it works?


The Website Vulnerability Scanner takes a target URL as its parameter. The URL must be given in full, including the http:// or https:// scheme. The tool does not follow redirects, so exactly the URL supplied is scanned.

The Website Vulnerability Scanner scans a web application by sending multiple HTTP requests to the particular web application. Quick Scan generates up to 20 HTTP requests to the server, while Full Scan can generate more than 10,000 HTTP requests to the server.

As Full Scan does a more comprehensive website assessment than Quick Scan, several hours are needed to complete the task. During this period, the tool crawls the entire web application, performs multiple security tests, analyses the responses from the web application, finds the security vulnerabilities, and gathers all results in the report.

To run the Full Scan, the Website Vulnerability Scanner uses many plugins, each with a specific capability. For example, the SQL Injection plugin is built to submit SQL Injection test queries and determine whether such a vulnerability exists in the web application. Depending on the complexity of the web application, each plugin may generate a large number of requests, and the Full Scan takes correspondingly longer to complete.
