Questions about this topic? Sign up to ask in the talk tab.
Vanguard
From NetSec
Revision as of 06:16, 9 January 2012 by LashawnSeccombe (Talk | contribs)
Contents
Description
Vanguard is a comprehensive web pen testing tool that identifies vulnerabilities in web applications. |
Features
Main application features:
- Fully Configurable
- WebCrawlers crawl all open HTTP and HTTPS ports output from nmap
- LibWhisker2 For HTTP IDS Evasion (Same options as nikto)
- Tests via GET,POST, and COOKIE
- SQL injection (This test is signature free!)
- LDAP Injection
- XSS
- File inclusion
- Command Injection
Usage
perl scan.pl -h [hostname] -e [evasion option]
Installation
Application Dependencies
You must have nmap from http://nmap.org installed to run this application correctly. |
Notice: You must run this application as root.
Protip: You can undo the root requirement by removing the check for root and modifying the nmap configuration.
Perl Dependencies
Configuration
Main Configuration
This is the configuration in config.yml. |
--- rewrite: 0 use_whitelist: 1 module_whitelist: - WEBAPPS - SHELL - NMAP - CRAWL - XSS_GET - SQL_GET - LFI_GET - RCI_GET
WebCrawler
This configuration is located in /modules/recon/CRAWL/conf.yml |
--- depth: 20
Nmap Module
--- flags: "-P0 --defeat-rst-ratelimit -sSV -F"
Protip: The S in -sSV is the reason this scan requires root.
Local File Inclusion
You can find this blah |
--- lfi_test: '%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd' lfi_match: "root\:.\:0\:0" lfi_exits: - '%00' -
LDAP
you can find blah |
--- ldap_true: - ")(&" - ")(&)(" ldap_false: - ")(|" - ")(|)("
RFI
You can find this blah |
--- rfi_test: http://asdf.com/ rfi_match: 89asdf.gi
Command Injection
--- entries: - '|' - ';' - '&&'
SQL injection
You can find these configuration files & options in modules/test/SQL_GET/conf.yml and modules/test/SQL_POST/conf.yml. |
This file defines several variables for automated SQL injection testing. --- sql_spacers: - '%20' - '+' sql_entries: - "" - '%27' - '%bf%27' sql_exits: - -- - /* - )-- - )/* |