ASSIGNMENT-1
WEB BASED VULNERABILITIES
B.MEGHANA,
121006099,
3RD YEAR,
EIE-B SECTION.
Domain Centric security- ASSIGNMENT-1
What is ACUNETIX?
The Acunetix tool is available in various versions. We are using version 7 of the Acunetix
tool, which is 32-bit.
The tool requires a licence in order to save the scan reports on the computer.
Without a licence, we can only scan URLs and see the threats, but cannot save them.
It is available to everyone. It can be downloaded from the link below:
https://acunetix-web-vulnerability-scanner.software.informer.com/download/#downloading
Once the executable file is downloaded, we need to set up the software on the system.
STEP 1:
STEP 2: Accept the agreement
STEP 3: Select the folder in which you need the software to be installed.
STEP 4: Create an icon on the desktop.
WORKING OF ACUNETIX
It contains many tools, such as the site crawler, target finder, domain scanner, blind SQL
injector, HTTP sniffer, HTTP editor, HTTP fuzzer, auth tester and compare results.
It also provides web services tools such as the web service scanner and web service editor.
SCAN 1: Knowafest.com
As mentioned above, to perform a scan we need to click on New Scan and set up the
URL.
The procedure that we need to follow for setting up the URL is as follows.
Site crawling means scanning a website and collecting details about each page: titles,
images, keywords, other linked pages, etc. It also discovers updated content on the
web, such as new sites or pages, changes to existing sites and dead links.
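The crawl step described above, sketched as an added example (not part of the original assignment and not Acunetix's own code). It walks a constructed in-memory site, collects each page's title, keywords and images, follows same-host links and reports dead links; `SITE`, `BASE`, `PageDetails` and `crawl` are hypothetical names made up for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample site (path -> HTML) standing in for HTTP responses.
BASE = "http://site.example"  # hypothetical host
SITE = {
    "/": '<title>Home</title><meta name="keywords" content="events, fest"><img src="/logo.png">'
         '<a href="/about">About</a><a href="/old">Old</a><a href="https://other.example/x">Ext</a>',
    "/about": '<title>About us</title><a href="/">Home</a><a href="contact">Contact</a>',
    "/contact": "<title>Contact</title>",
}

class PageDetails(HTMLParser):
    """Collects the title, keywords, images and links of one page."""
    def __init__(self):
        super().__init__()
        self.title, self.keywords, self.images, self.links = "", [], [], []
        self._open = None  # tag currently open, used to capture <title> text

    def handle_starttag(self, tag, attrs):
        a, self._open = dict(attrs), tag
        if tag == "meta" and (a.get("name") or "").lower() == "keywords":
            self.keywords = [k.strip() for k in (a.get("content") or "").split(",") if k.strip()]
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

    def handle_endtag(self, tag):
        self._open = None

    def handle_data(self, data):
        if self._open == "title":
            self.title += data

def crawl(start="/"):
    """Breadth-first crawl of same-host links; returns (pages, dead_links)."""
    pages, dead, queue, seen = {}, [], [start], {start}
    while queue:
        path = queue.pop(0)
        if path not in SITE:      # linked from a page but missing: a dead link
            dead.append(path)
            continue
        p = PageDetails()
        p.feed(SITE[path])
        pages[path] = {"title": p.title, "keywords": p.keywords, "images": p.images}
        for href in p.links:      # resolve relative links, skip other hosts
            url = urlparse(urljoin(BASE + path, href))
            if url.netloc == urlparse(BASE).netloc and url.path not in seen:
                seen.add(url.path)
                queue.append(url.path)
    return pages, dead
```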
STEP 4: The next step is to select the scan options. By default the profile will be set to XSS,
which means cross-site scripting.
Here we need to select the kind of scan we want to perform. Usually we prefer a quick
scan. The other kinds of scan are heuristic and extensive.
The differences between these three scans are as follows.
In a similar way, we shall now proceed with another two websites and finally compare the
threats.
SCAN 2: Orchid.myspecies.info
The steps stated above are the same for any website URL.
The scan results for this website are as follows:
For this website we got 19 threats.
Of these 19 threats, 16 are rated as medium-level threats and 3 are based on
information about the website.
SCAN 3: milk.com
The first website which we scanned has a low threat level when compared to the other two
websites.
The last website, milk.com, has a cross-site scripting vulnerability, which is the
profile of our scan.
“bWlsay5jb20=”
Now let us try decoding the generated encoded URL using base64.guru and
check whether we get the same URL back.
After decoding, the text which we got is as follows:
So, in this way Acunetix can be used not only for web vulnerability scanning but also for URL
encoding and decoding, and for manipulation of header information.