Revision as of 05:14, 9 January 2012

The end-user is liable for his-or her own actions with the use of this software. Running this against a system you do not own without written authorization is a criminal act.

Description

Vanguard is a comprehensive web pen testing tool that identifies vulnerabilities in web applications.

Features

Main application features:

• Fully Configurable
• WebCrawlers crawl all open HTTP and HTTPS ports output from nmap
• LibWhisker2 For HTTP IDS Evasion (Same options as nikto)
• Tests via GET,POST, and COOKIE

Web penetration tests:

• SQL injection
• LDAP Injection
• XSS
• File inclusion
• Command Injection

Usage

 perl scan.pl -h [hostname] -e [evasion option]

Installation

Application Dependencies

You must have nmap from http://nmap.org installed to run this application correctly.

Perl Dependencies

Configuration

Main Configuration

--- rewrite: 0 use_whitelist: 1 module_whitelist:

 - WEBAPPS
 - SHELL
 - NMAP
 - CRAWL
 - XSS_GET
 - SQL_GET
 - LFI_GET
 - RCI_GET

CRAWL.yml

--- depth: 20

NMAP.yml

--- flags: "-P0 --defeat-rst-ratelimit -sSV -F"

Local File Inclusion

--- lfi_test: '%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' lfi_match: "root\:.\:0\:0" lfi_exits:

 - '%00'
 -

LDAP

--- ldap_true:

 - ")(&"
 - ")(&)("

ldap_false:

 - ")(|"
 - ")(|)("

RFI

--- rfi_test: http://asdf.com/ rfi_match: 89asdf.gi

Command Injection

--- entries:

 - '|'
 - ';'
 - '&&'

SQL injection

 - '%20'
 - '+'

 - ""
 - '%27'
 - '%bf%27'

 - --
 - /*
 - )--
 - )/*

Download