Acunetix web vulnerability scanner version 4.0

Acunetix WVS automatically checks for the following vulnerabilities among others:

Version Check

• Vulnerable Web Servers
• Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.

CGI Tester

• Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
• Verify Web Server Technologies

Parameter Manipulation

• Cross-Site Scripting (XSS) – over 25 different XSS variations are tested.
• SQL Injection
• Code Execution
• Directory Traversal
• File Inclusion
• Script Source Code Disclosure
• CRLF Injection
• Cross Frame Scripting (XFS)
• PHP Code Injection
• XPath Injection
• Full Path Disclosure
• LDAP Injection
• Cookie Manipulation

MultiRequest Parameter Manipulation

• Blind SQL/XPath Injection

File Checks

• Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
• Cross Site Scripting in URI
• Checks for Script Errors

Directory Checks

• Looks for Common Files (such as logs, traces, CVS)
• Discover Sensitive Files/Directories
• Discovers Directories with Weak Permissions
• Cross Site Scripting in Path and PHPSESSID Session Fixation.
  Web Applications

Text Search

• Directory Listings
• Source Code Disclosure
• Check for Common Files
• Check for Email Addresses
• Microsoft Office Possible Sensitive Information
• Local Path Disclosure
• Error Messages

GHDB Google Hacking Database

• Over 1200 GHDB Search Entries in the Database
• Other vulnerability tests may also be preformed using the manual tools provided, including:

Input Validation

• Authentication attacks
• Buffer overflows

[This software has been added to our SD Tools Watch Process]