
WAVSEP v1.2


The Web Application Vulnerability Scanner Evaluation Project

These are some of its features:


Project WAVSEP currently includes the following test cases:

Vulnerabilities:
  • Path Traversal/LFI: 816 test cases, implemented in 816 jsp pages (GET & POST)
  • Remote File Inclusion (XSS via RFI): 108 test cases, implemented in 108 jsp pages (GET & POST)
  • Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)
  • Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST)
  • Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST)
  • Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST)
  • Passive Information Disclosure/Session Vulnerabilities (inspired/imported from ZAP-WAVE): 3 test cases of erroneous information leakage, and 2 cases of improper authentication / information disclosure - implemented in 5 jsp pages
  • Experimental Test Cases (inspired/imported from ZAP-WAVE): 9 additional RXSS test cases (anticsrf tokens, secret input vectors, tag signatures, etc), and 2 additional SQLi test cases (INSERT) - implemented in 11 jsp pages (GET & POST)
False Positives:
  • 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST)
  • 10 different categories of false positive SQL Injection vulnerabilities (GET & POST)
  • 8 different categories of false positive path traversal/LFI vulnerabilities (GET & POST)
  • 6 different categories of false positive remote file inclusion vulnerabilities (GET & POST)
Additional Features:
  • A simple web interface for accessing the vulnerable pages
  • An auto-installer for the mysql database schema (/wavsep-install/install.jsp)
  • Sample detection & exploitation payloads for each and every test case
  • Database connection pool support, ensuring the consistency of scanning results
Easy installation:

Installation

(@) Use a JRE/JDK that was installed using an offline installation (the online installation caused unknown bugs for some users).
(1) Download & install Apache Tomcat 6.x
(2) Download & install MySQL Community Server 5.5.x (Remember to enable remote root access if not in the same station as wavsep, and to choose a root password that you remember).
(3) Copy the wavsep.war file into the tomcat webapps directory (Usually "C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps" - Windows 32/64 Installer)
(4) Restart the application server
(5) On WinXP, as long as you are using a high privileged user, you can skip this phase; on Win7, make sure you run the tomcat server with administrative privileges (right-click and execute); and on Ubuntu Linux, run the following commands:
sudo mkdir /var/lib/tomcat6/db
sudo chown tomcat6:tomcat6 /var/lib/tomcat6/db/
(6) Initiate the install script at: http://localhost:8080/wavsep/wavsep-install/install.jsp
(7) Provide the database host, port and root credentials to the installation script, in addition to customizable wavsep database user credentials.
(8) Access the application at: http://localhost:8080/wavsep/
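The Ubuntu side of steps (3) to (6) above, as an added shell example that is not part of the WAVSEP project or of this post, with the check a practitioner wants after each step. The webapps path, the `tomcat6` service name and the availability of `curl` are assumptions; the db directory, its owner and the installer URL are the ones the steps name.

```sh
#!/bin/sh
# Added example, not WAVSEP project code: automate and verify steps (3) to (6)
# of the Ubuntu install above. Defaults are the paths the post names; the
# webapps path and the "tomcat6" service name are assumptions for Ubuntu.
WAR_SRC="${WAR_SRC:-./wavsep.war}"
WEBAPPS="${WEBAPPS:-/var/lib/tomcat6/webapps}"
DB_DIR="${DB_DIR:-/var/lib/tomcat6/db}"
DB_OWNER="${DB_OWNER:-tomcat6:tomcat6}"
INSTALL_URL="${INSTALL_URL:-http://localhost:8080/wavsep/wavsep-install/install.jsp}"

# Step (3): copy the war into webapps; refuse to continue if either path is wrong.
deploy_war() {
    war="$1"; webapps="$2"
    [ -f "$war" ] || { echo "missing war file: $war" >&2; return 1; }
    [ -d "$webapps" ] || { echo "missing webapps dir: $webapps" >&2; return 1; }
    cp "$war" "$webapps/wavsep.war"
}

# Step (5): create the db directory for the Tomcat service account and confirm
# the owner really changed, since a wrong owner surfaces later as an opaque
# error from install.jsp rather than here.
prepare_db_dir() {
    dir="$1"; owner="$2"
    mkdir -p "$dir" && chown "$owner" "$dir" || return 1
    actual="$(ls -ld "$dir" | awk '{print $3}')"
    [ "$actual" = "${owner%%:*}" ]
}

# Step (6): poll the installer URL until Tomcat has unpacked the war (HTTP 200).
wait_for_installer() {
    url="$1"; tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        code="$(curl -s -o /dev/null -w '%{http_code}' "$url" || true)"
        [ "$code" = "200" ] && return 0
        tries=$((tries - 1)); sleep 2
    done
    echo "installer not reachable at $url" >&2; return 1
}

main() {
    deploy_war "$WAR_SRC" "$WEBAPPS" || exit 1
    prepare_db_dir "$DB_DIR" "$DB_OWNER" || exit 1
    service tomcat6 restart || exit 1               # step (4); run the script with sudo
    wait_for_installer "$INSTALL_URL" || exit 1
    echo "Tomcat is up: open $INSTALL_URL to finish the database setup"
}

# Run only when WAVSEP_SETUP=1 is set; sourcing the file just defines the functions.
if [ "${WAVSEP_SETUP:-0}" = "1" ]; then main; fi
```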
I will be testing it and will comment on how it works.


Robotic greetings.

Sources:

https://code.google.com/p/wavsep/
http://www.n0where.net/2012/07/wavsep-v12.html

Powered by Bad Robot
Helped by Blackubay