WEBSECURIFY

October 6, 2011


About Websecurify
Website security is a major concern for developers and businesses today. Because of growing attack vectors and the ease of exploitation, businesses spend thousands of dollars to find and patch vulnerabilities in their websites. Websecurify can help you find OWASP Top 10 vulnerabilities before hackers (read as crackers) do. Websecurify is a free and open source web application scanner from the good folks of GNUcitizen.org. It's very easy to use, and its simple interface makes it stand out from the crowd.

GNUCITIZEN defines it as:
"Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies."

For a free tool, it has a good number of features, such as:

  1. Multi-platform: works on Linux, Mac, Windows and even on your mobile devices.
  2. Extensible via scripts and extensions, and you don't need to be a pro to extend it; just learning how to create extensions in Mozilla is more than enough.
  3. Modular in design
  4. Powerful fuzzer and crawler
  5. Nice reporting capabilities (right now limited to CSV, HTML and XML only).
  6. API which supports numerous commercial and free testing engines.
  7. Can be integrated with web applications
  8. Supports upstream proxies
  9. Supports client SSL

Why Websecurify?
You might be wondering why Websecurify, when we have lots of tools like Acunetix, Wapiti, w3af etc. The reason is that it's designed entirely in JavaScript, XHTML and CSS, so it can be embedded into virtually any environment which supports JavaScript, like Firefox, Chrome, Android devices etc. This gives Websecurify an advantage over other tools in terms of flexibility and extensibility.

How to install Websecurify?

Installing Websecurify is as easy as pie.

On Windows: Download the exe from http://www.websecurify.com/ windows and install it.
On Matriux: Just find it in the arsenal: Arsenal > Framework > Websecurify.
On Firefox and Chrome: Download and install the Websecurify add-on from Tools –> Add-ons. Similarly, download and install the Websecurify extension from the web store.

How to use Websecurify?

One of the good things about Websecurify is its ease of use. You can start a scan by just giving the URL of your site and login credentials (if you want) and clicking the start button, that's it :).

Figure 1

You can set preferences such as the proxy and SSL certificate in the Tools –> Preferences menu.

Figure 2

  1. Enter the URL which you want to scan and press Enter.
  2. A warning message will be displayed to make sure that you know what you are doing; click Continue if you have permission to scan the target.

Figure 3

  3. If the application needs login credentials, a popup will try to capture those credentials. However, this step is optional if you don't want to scan deeply. You will see the status of your scan in the next screen.

Figure 4

  4. Once the scan is complete you will see a nice report.

Figure 5

If you want to compare the working of Websecurify with other tools, the following sites can be used. Scan any one (or all of them) with Websecurify and your tool of choice, and compare the results.

http://demo.testfire.net
http://testphp.vulnweb.com
http://testasp.vulnweb.com
http://testaspnet.vulnweb.com
http://zero.webappsecurity.com
http://crackme.cenzic.com
http://www.webscantest.com
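
One way to do the comparison suggested above once both tools have exported CSV reports. This is an added example, not code from Websecurify or the original article; the column names (type, url, parameter), the function names and the target.example host are assumptions, and the sample reports are constructed.

```javascript
// Added example: columns (type,url,parameter) are assumed, not Websecurify's real CSV layout.
function parseCsv(text) {
  const rows = [];
  let row = [], field = '', quoted = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (quoted) {
      if (c === '"' && text[i + 1] === '"') { field += '"'; i++; } // escaped quote
      else if (c === '"') quoted = false;
      else field += c;
    } else if (c === '"') quoted = true;
    else if (c === ',') { row.push(field); field = ''; }
    else if (c === '\n') { row.push(field); rows.push(row); row = []; field = ''; }
    else if (c !== '\r') field += c;
  }
  if (field !== '' || row.length) { row.push(field); rows.push(row); }
  const [header, ...body] = rows;
  return body.map(r => Object.fromEntries(header.map((h, i) => [h.trim(), (r[i] || '').trim()])));
}

// Two scanners rarely word a finding identically, so compare on a normalized key:
// vulnerability type, host + path (query string dropped), and parameter name.
function findingKey(f) {
  const u = new URL(f.url);
  const path = u.pathname.replace(/\/+$/, '') || '/';
  return [f.type.toLowerCase(), u.host + path, f.parameter.toLowerCase()].join('|');
}

function compareReports(csvA, csvB) {
  const a = new Set(parseCsv(csvA).map(findingKey));
  const b = new Set(parseCsv(csvB).map(findingKey));
  return {
    both: [...a].filter(k => b.has(k)).sort(),
    onlyA: [...a].filter(k => !b.has(k)).sort(),
    onlyB: [...b].filter(k => !a.has(k)).sort(),
  };
}

// Constructed sample exports for a hypothetical target.
const reportA = `type,url,parameter
SQL Injection,http://target.example/item.php?id=1,id
Cross-site Scripting,"http://target.example/search.php?q=a,b",q
`;
const reportB = `type,url,parameter
sql injection,http://target.example/item.php?id=7,ID
Path Disclosure,http://target.example/error.php,
`;
console.log(compareReports(reportA, reportB));
```

Findings that appear in only one report are the ones to verify by hand: they are either a miss by the other tool or a false positive.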

References:

http://www.websecurify.com/
http://blog.websecurify.com/
http://groups.google.com/group/websecurify
http://code.google.com/p/websecurify/

That's it for this edition 🙂
Oh wait!! We have more news: Matriux Krypton R2 is set to release on Oct 7th 2011 at c0c0n (http://informationsecurityday.com/c0c0n), so be there to grab it first. Happy hacking :<)

Team Matriux
http://matriux.com/

Twitter : @matriuxtig3r

 
