
Tools to find XSS and SQL Injection Vulnerabilities

<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Jul 07, 2010 6:56 am

Tools to find XSS and SQL Injection Vulnerabilities

Hi,

I am looking for tools to find XSS and SQL Injection flaws in web applications. I know Acunetix, Nessus and Nikto can find these types of vulnerabilities, but with limited success (at least for Nessus and Nikto, I have never tried Acunetix).

So what tool do you use for this task?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Jul 07, 2010 7:13 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

I also forgot to mention XSS-Me and SQL Inject-Me from Seccom Labs: http://labs.securitycompass.com/index.php/exploit-me/
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

mambru

Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Wed Jul 07, 2010 9:31 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

You should try Netsparker. I've used the free version and got good results.
<<

secureseve

Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Wed Jul 07, 2010 9:49 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

You can also try w3af. It's a very nice framework for web application testing.
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
<<

sachitre

Newbie

Posts: 22

Joined: Sat Jan 09, 2010 7:55 am

Post Wed Jul 07, 2010 8:27 pm

Re: Tools to find XSS and SQL Injection Vulnerabilities

Hi,

Paros has some limited scanning capabilities. I have only used it in labs against WebGoat and OWASP BWA though.

Cheers.
CISSP, GPEN, CCNA
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Jul 08, 2010 7:21 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

Ok, so far, I have tried a few tools. Here are my humble findings:

  • Nessus - very limited for web apps. More checks are done against the web server and almost nothing is done for the web applications. This is obviously normal since Nessus scans way more than the web app.
  • Nikto - good for what it does, but tests the web server more than the web application. Also searches for hidden files and default configuration.
  • XSS-Me and SQL Injection-Me - Not bad at all. Closer to what I was looking for. This Firefox plugin really helps find XSS and SQL Injection vulnerabilities (among other things). I recommend all developers start using this tool.
  • Community version of Netsparker - Pretty good too. As expected, Netsparker and XSS-Me/SQL Injection-Me found different things. So they complete each other quite well.

My conclusion is more or less the same as with other security tools: run them all and compare the results! Running these 4 tools against the same target will definitely give you a good idea of what is going on.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

vekarman

Newbie

Posts: 28

Joined: Thu Mar 19, 2009 1:21 am

Post Thu Jul 08, 2010 7:31 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

For XSS only - use XSSploit. Written in Python with a very lean structure, no frills. Try it.
CISSP
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Jul 08, 2010 8:15 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

Ok, I just tried XSSploit, but I get mixed feelings. The spider functionality didn't work well with our web site (which is XHTML compliant). It only found 30 pages out of about 2600... So I had to manually go to every form and start analyzing them.

And since our new web site is quite secure, the tool didn't find anything, not even a warning (which is quite good for us!).

So I will try it again against another web site, but XSS-Me gave me a better feeling.

But thanks vekarman for your suggestion!

Now I will try w3af...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jul 08, 2010 11:21 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

WebScarab is another great tool.  It has a fuzzing capability that can test for XSS and SQLi.  You do need a good fuzz template file.
~~~~~~~~~~~~~~
Ketchup
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Jul 08, 2010 11:49 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

Ketchup wrote:
You do need a good fuzz template file

Do you know where I can find a good one?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

JollyJokker

Post Fri Jul 09, 2010 3:15 pm

Re: Tools to find XSS and SQL Injection Vulnerabilities

Since you mentioned Acunetix, the Acunetix free edition is XSS capable only. So it can probably meet your XSS requirements and probably give you a good idea on its overall effectiveness.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sat Jul 10, 2010 8:52 am

Re: Tools to find XSS and SQL Injection Vulnerabilities

H1t M0nk3y wrote:
You do need a good fuzz template file


Do you know where I can find a good one?


You can convert this one to a template:
http://ha.ckers.org/xss.html

Also, check out this blog post on WebScarab's fuzzing functionality.  It actually links you to a cool and very inclusive template:

http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/
~~~~~~~~~~~~~~
Ketchup
