How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com
May 24, 2019 • Adrian Furtuna
Let’s see how to perform a basic security evaluation of your web application with the tools from Pentest-Tools.com.
The outcome of this assessment will be a rough security posture of your web application and you will also get the chance to see the capabilities of the platform in terms of web security testing.
Here are the main topics of this article:
- Getting started
- Choosing the tools
- Light scan versus Full scan
- Running a Full Website Vulnerability Scan
- Viewing the Scan Results
- Vulnerability Details and Recommendations
- Reporting Capabilities
At the beginning you need to add your target URL(s) in the Targets page. You can add targets one by one (use the Add button) or import multiple targets from a text file.
The targets will be added in your current workspace by default. It is recommended to have a dedicated workspace for each of your engagements in order to group the targets and their associated scan results.
For a basic web application assessment we recommend you to start with the Website Vulnerability Scanner, which is a comprehensive tool that tries to discover a broad range of specific web application vulnerabilities (ex. SQL Injection, XSS, Directory Listing, detection of sensitive files, outdated server software and many more). You can see the complete list of tests performed on the tool’s web page - scroll down to Technical Details section.
The Website Vulnerability Scanner can perform a Light scan and a Full scan (will be detailed below). Please note that the Full scan already tests for SQL Injection and Cross-Site-Scripting so it is not necessary to run the other tools on top like the SQLi Scanner or XSS Scanner.
You can see that many of our tools have two scan types: Light and Full. The Light scans are designed to be used whenever you don’t want to raise any alarms. They are mainly passive, performing just a few legitimate requests against the target system. However, as you can expect, the Light scans don’t go into much depth and they just scratch the surface in terms of security testing.
The Full scans go into much more depth and they attempt to cover all the attack surface of the target system (crawl the application, discover hidden files, use many more attack vectors, etc). A Full scan contain all the tests performed by a Light scan so it is not necessary to run them both.
Starting a Full Website Vulnerability Scan is just a matter of going to the Targets page, select which targets you want to scan, then choose the tool from the ‘Scan with’ dropdown. Note that you can easily start scans against multiple targets at once which is useful for bulk scanning.
You will see a popup with the scan options for the Website Vulnerability Scanner. Here you have also the option to configure authentication options (will be discussed in a separate article):
- user / password authentication
- cookie authentication
After pressing ‘Start Scan’ you will be taken into the Scans page, where you can see in real time the progress of the scans and the summary of the findings.
The result of a vulnerability scan contains a short summary of the findings followed by a section with the finding details. Here you can see the results against an instance of DVWA (Damn Vulnerable Web Application), which contains numerous intentional web vulnerabilities:
All vulnerabilities returned by the Website Vulnerability Scanner contain detailed Risk Descriptions and a Recommendation section which allows you to easily understand the vulnerability and learn how to fix it.
Furthermore, the evidence for the vulnerability also contains the Attack Vector which you can use to trigger the vulnerability and validate it. Here is an example on how to trigger the Cross-Site Scripting on a vulnerable form using the POST method. You need to click on the rocket sign and the POST request will be done automatically against the target application with the attack parameters prefilled.
You can download simple reports as PDF or HTML, which contain the result of a single scan against a single target.
However, the platform also has an Advanced Reporting capability which you can use to generate editable docx reports with the findings from all the targets in the current workspace. Read more in the Advanced Reporting Page and this blog post Pentest Report Writing in 5 Minutes.
The simple report can be obtained by pressing the ‘Export as’ dropdown and choose the desired format.
Note: By default, the report contains the Pentest-Tools.com logo. But if you have the Enterprise package, you have the option of setting your company’s logo in the pdf report.
This article has just scratched the surface on what you can do with Pentest-Tools.com, the online platform for penetration testing and vulnerability assessment.
There is much more to it, from advanced information gathering tools to network infrastructure testing and exploitation tools.
Checkout our Pricing page to get full access to the platform.
- BlueKeep, the Microsoft RDP vulnerability – What we know so far
- Exploiting Magento SQL Injection with Sqlmap
- How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com
- Analysis of a WordPress Remote Code Execution Attack
- Common SQL Injection Attacks
- Exploiting OGNL Injection in Apache Struts
- Inside Nmap, the world’s most famous port scanner
- Pentest report writing in 5 minutes (Defcamp 2018 talk)
- Essential HTTP Headers for Securing Your Web Server
- 5 Practical Scenarios for XSS Attacks
- All posts ...