Website vulnerabilities. Checking a site. Programs for scanning a site for vulnerabilities

The problem of website security has never been more acute than in the 21st century. This is, of course, due to the spread of the Internet into virtually every sector and sphere. Every day hackers and security experts find several new website vulnerabilities. Many of them are closed immediately by the owners and developers, while some are left as they are, and those are the ones attackers use. A hacked site can be used to cause great harm both to its users and to the servers on which it is hosted.

Types of site vulnerabilities

When web pages are created, many related technologies are used. Some are mature and time-tested, while others are new and not yet proven. In any case, there are many kinds of website vulnerabilities:

  • XSS. Every site has small forms through which users enter data and get a result, register or send messages. By substituting special values into these forms, it is possible to provoke the execution of a script, which can violate the integrity of the site and compromise data.
  • SQL injection. A very common and effective way to gain access to confidential data. It can happen either through the address bar or through forms. It is carried out by substituting values that the scripts fail to filter, so that they are executed as queries against the database. With the right knowledge, this can cause a security breach.

  • HTML errors. Almost the same as XSS, except that HTML rather than script code is injected.
  • Vulnerabilities associated with placing files and directories in their default locations. For example, knowing the structure of the web pages, one can reach the code of the administrative panel.
  • Insufficient security configuration of the operating system on the server. If such a vulnerability is present, the attacker will be able to execute arbitrary code.
  • Bad passwords. One of the most obvious website vulnerabilities is the use of weak values to protect an account, especially one with administrator rights.
  • Buffer overflow. Used to replace data in memory, which lets the attacker make their own changes. It occurs when flawed software is used.
  • Replacement of the pages of a web resource. An exact copy of the site is recreated; a user who visits it may not suspect a trick and enters personal data, which after some time passes to the attacker.
  • Denial of service. This term mostly refers to an attack on a server in which it receives more requests than it can process and simply "falls over" or becomes unable to serve genuine users. The vulnerability is that the IP filter is not properly configured.

Search for site vulnerabilities

Security specialists conduct a special audit of web resources, looking for errors and shortcomings that could lead to a compromise. This kind of site verification is called pentesting. In the process, the source code, the CMS in use, the presence of vulnerable modules and many other interesting things are analyzed.

SQL injection

This type of check determines whether the script filters the values it receives when composing queries to the database. The simplest testing can be carried out manually. How to find an SQL vulnerability on a site is considered next.

For example, there is a site my-site.rf with a catalog on its main page. After opening the catalog, the address bar shows something like my-site.rf/?product_id=1. This is likely a request to the database. To look for the vulnerability, you can first try appending a single quotation mark to this line, which gives my-site.rf/?product_id=1'. If the page shows an error message when you press the "Enter" key, then there is a vulnerability.

After that, different ways of selecting values can be used. UNION operators, exceptions, comments and many others are applied.
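The check described above, seen from the developer's side, as an added example that is not part of the original article: the same product_id value handled by string concatenation and by a validated, bound parameter. The table, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample catalog, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "kettle"), (2, "lamp")])
    return db


def lookup_concatenated(db, product_id):
    # Vulnerable: the request value becomes part of the SQL text itself.
    sql = "SELECT name FROM products WHERE id = " + product_id
    try:
        rows = db.execute(sql).fetchall()
        return ("ok", [r[0] for r in rows])
    except sqlite3.Error as exc:
        # A stray quote breaks the statement; shown to the visitor,
        # this is the error page the manual test looks for.
        return ("db-error", str(exc))


def lookup_parameterized(db, product_id):
    # Hardened: accept only ASCII digits, then bind the value so the
    # database never parses it as SQL.
    if not (product_id.isascii() and product_id.isdigit()):
        return ("rejected", [])
    rows = db.execute("SELECT name FROM products WHERE id = ?",
                      (int(product_id),)).fetchall()
    return ("ok", [r[0] for r in rows])


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'", "1 OR 1=1"):
        print(repr(value), lookup_concatenated(db, value),
              lookup_parameterized(db, value))
```

With the concatenated query, the quote produces a database error and the third value returns every row; the parameterized version rejects both without touching the database.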

XSS

This vulnerability comes in two forms: active and passive.

The active form involves inserting a piece of code into the database or directly into a file on the server. It is the more dangerous and unpredictable of the two.

The passive form involves luring the victim to a specific address on the site that contains harmful code.

Using XSS, an attacker can steal cookies, which may contain important user data. An even worse consequence is theft of the session.

An attacker can also use a script on the site so that a form, when submitted by the user, sends the information straight into the attacker's hands.
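The two defenses that correspond to the risks above, as an added example that is not part of the original article: stored user text is escaped when it is written into the page, and the session cookie is marked HttpOnly so that page scripts cannot read it. The function names, the HTML template and the sample strings are assumptions made for the illustration.

```python
import html
from http.cookies import SimpleCookie

TEMPLATE = '<div class="comment" title="%s">%s</div>'


def render_comment_unsafe(author, text):
    # Vulnerable: stored values are pasted into the markup unchanged,
    # so a stored <script> tag runs in every visitor's browser.
    return TEMPLATE % (author, text)


def render_comment_safe(author, text):
    # Hardened: escape <, >, & and both quote characters, so the value
    # cannot open a tag or break out of the title="..." attribute.
    return TEMPLATE % (html.escape(author, quote=True),
                       html.escape(text, quote=True))


def session_cookie_header(session_id):
    # HttpOnly hides the cookie from document.cookie; Secure restricts
    # it to HTTPS; SameSite limits cross-site sending.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    # Constructed sample input, not taken from any real site.
    author = '" onmouseover="alert(1)'
    text = "<script>alert(1)</script>"
    print(render_comment_unsafe(author, text))
    print(render_comment_safe(author, text))
    print("Set-Cookie:", session_cookie_header("abc123"))
```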

Automating the search process

Many interesting website vulnerability scanners can be found on the Internet. Some are distributed separately; others come bundled with several similar tools in one common image, such as Kali Linux. An overview of the most popular tools for automating the collection of information about vulnerabilities follows.

Nmap

The simplest site vulnerability scanner, which can show details such as the operating system, the ports and the services in use. A typical example:

nmap -sS 127.0.0.1, where the local IP is replaced with the address of the actual site under test.

The output shows which services are running on it and which ports are open at that moment. Based on this information, you can try to use vulnerabilities that have already been identified.

Here are a few nmap options for a more targeted scan:

  • -A. Aggressive scanning, which produces a lot of information but can take considerable time.
  • -O. Tries to determine the operating system used on the server.
  • -D. Disguises the IP addresses from which the check is performed, so that the server logs do not make it possible to determine where the attack came from.
  • -p. Port range. Checks several services for open ports.
  • -S. Allows you to specify the desired IP address.

WPScan

This site vulnerability scanner is included in the Kali Linux distribution. It is aimed at checking web resources built on the WordPress content management system. It is written in Ruby, so it is started like this:

ruby ./wpscan.rb --help. This command shows all available options.

To run a simple test, you can use the command:

ruby ./wpscan.rb --url some-site.ru

In general, WPScan is a fairly easy-to-use utility for checking your WordPress site for vulnerabilities.

Nikto

A program for checking a site for vulnerabilities that is also included in the Kali Linux distribution. For all its simplicity, it has rich functionality:

  • Scanning via HTTP and HTTPS protocols;
  • Bypassing many built-in detection tools;
  • Multiple port scanning, even in the non-standard range;
  • Support for the use of proxy servers;
  • The ability to implement and connect plug-ins.

To run nikto, Perl must be installed on the system. The simplest analysis looks like this:

perl nikto.pl -h 192.168.0.1

The program can be "fed" a text file that lists the addresses of web servers:

perl nikto.pl -h file.txt

This utility helps not only security professionals conducting pentests, but also network and resource administrators who need to keep their sites working.

Burp Suite

A very powerful tool for checking not only sites but also for monitoring any network. It has a built-in function for modifying the requests sent to the server under test, and a smart scanner that can automatically search for several types of vulnerabilities at once. The result of the current activity can be saved and resumed later. It is flexible: you can use third-party plug-ins and also write your own.

The utility has its own graphical interface, which is undoubtedly convenient, especially for novice users.

SQLmap

Probably the most convenient and powerful tool for finding SQL and XSS vulnerabilities. Its merits can be listed as follows:

  • Support for almost all types of database management systems;
  • The ability to use six basic ways of detecting and applying SQL injections;
  • A mode for enumerating users, their hashes, passwords and other data.

Before SQLmap is used, a vulnerable site is usually found first by means of search engines, with search queries that help to tentatively weed out the web resources of interest.

The address of the pages is then passed to the program, which checks them. If a vulnerability is detected, the utility can use it and gain full access to the resource.

Webslayer

A small utility for conducting brute-force attacks. It can brute-force a resource's forms, sessions and site parameters. It supports multithreading, which is good for performance. It can also recursively try passwords on nested pages. Proxy support is available.

Verification Resources

Several online tools for testing sites for vulnerabilities are available on the Internet:

  • Coder-diary.ru. A simple site for testing. It is enough to enter the address of the resource being tested and click "Check". The search can take a long time, so you can specify your email address and have the result sent to your mailbox when the check is completed. The database contains about 2500 known vulnerabilities.
  • https://cryptoreport.websecurity.symantec.com/checker/. An online service from Symantec for checking SSL and TLS certificates. Only the address of the resource being checked is required.
  • https://find-xss.net/scanner/. The project scans a single PHP file from a site, or an archive of them in ZIP format, for vulnerabilities. You can specify the types of files to scan and the characters with which data in the script is escaped.
  • http://insafety.org/scanner.php. A scanner for testing sites on the "1C-Bitrix" platform. Simple and intuitive interface.

Algorithm for testing vulnerability

Any network security expert follows a simple checking algorithm:

  1. First, manually or with automated tools, they analyze whether the site has any vulnerabilities. If so, they determine the type.
  2. Depending on the kind of vulnerability present, they plan the next moves. For example, if the CMS is known, the appropriate attack method is selected. If it is an SQL injection, queries to the database are selected.
  3. The main task is to gain privileged access to the administrative panel. If this cannot be achieved, it may be worth trying forms, or forging an address with a script embedded in it and then passing it to the victim.
  4. If any attack or penetration succeeds, data collection begins: whether there are further vulnerabilities and what flaws are present.
  5. Based on the data obtained, the security specialist informs the site owner about the existing problems and the ways to eliminate them.
  6. The vulnerabilities are eliminated by the owner or with the help of third-party specialists.

A few safety tips

Those who develop their own website will benefit from some simple advice and recommendations.

Incoming data must be filtered so that scripts or queries cannot run on their own or return data from the database.

Use complex, strong passwords for the administrative panel to avoid possible brute-force attacks.

If the site is built on a CMS, update it as often as possible and use only proven plug-ins, templates and modules. Do not overload the site with unnecessary components.

Check the server logs more often for suspicious entries or actions.

Check your site with several scanners and services.

Proper configuration of the server is a guarantee of its stable and safe operation.

If possible, use an SSL certificate. This prevents the interception of personal and confidential data between the server and the user.

Security tools. It makes sense to install or connect software that prevents intrusions and external threats.
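One way to act on the log-checking tip, as an added example that is not part of the original article: a small pass over web server access logs that flags the traces left by the manual checks and scanners described earlier. The log lines are constructed samples in the common "combined" format, and the user-agent patterns and reason labels are assumptions that should be tuned to your own logs.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2018:10:00:01 +0000] "GET /?product_id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2018:10:00:05 +0000] "GET /?product_id=1%27 HTTP/1.1" 500 87 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2018:10:01:00 +0000] "GET /admin/ HTTP/1.1" 404 0 "-" "Mozilla/5.00 (Nikto/2.1.6)"
192.0.2.33 - - [10/Mar/2018:10:02:00 +0000] "GET /?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Mar/2018:10:03:00 +0000] "GET /?product_id=2 HTTP/1.1" 200 498 "-" "sqlmap/1.2 (http://sqlmap.org)"
"""

# ip, request target, status code, user agent
LINE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
SCANNER_UA = re.compile(r"nikto|sqlmap|wpscan", re.I)


def findings(log_text):
    """Return a sorted list of (client_ip, reason) pairs worth a closer look."""
    hits = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        ip, target, status, agent = m.groups()
        # Decode %27, %3C and similar before looking at the parameters.
        query = unquote_plus(urlsplit(target).query).lower()
        if SCANNER_UA.search(agent):
            hits.add((ip, "scanner user agent"))
        if "'" in query:
            # A quote answered with a 5xx suggests the value reached the SQL.
            suffix = " caused server error" if status.startswith("5") else ""
            hits.add((ip, "quote in parameter" + suffix))
        if "<script" in query:
            hits.add((ip, "script tag in parameter"))
    return sorted(hits)


if __name__ == "__main__":
    for ip, reason in findings(SAMPLE_LOG):
        print(ip, reason)
```

A scanner can send any user agent it likes, so the parameter checks matter more than the user-agent match.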

Conclusion

The article turned out to be long, but even so it is not enough to describe all aspects of network security in detail. To cope with the task of protecting information, you will have to study a lot of materials and instructions, and also master a range of tools and technologies. You can seek advice and help from professional companies that specialize in pentests and audits of web resources. Although such services cost a fair amount, problems with the site's security can cost much more, both financially and in reputation.


Copyright © 2018 en.unansea.com. Theme powered by WordPress.