Web proxy scanner is a tool to check vulnerabilities of web servers( this scanner can work as a port scanner if Check CGI Vulnerabilities is not enabled).
It is evident that CGI probes are sent against web servers. This tool provides an ability to configure the scanner for running CGI probes through that proxy ( if Enable Proxy is turned on ) or without proxy (if Enable Proxy is turned off ) .
Here is a brief description of each field located in Host Scan Settings. The field Command contains the command type ( GET, PUT,POST, etc.), the field Scheme contains the protocol type (http, ftp, gopher ), the field Host contains the host name ( ex. Camelot, www.nsauditor.com ), the field URL contains the URL, the field User Agent contains the name of the client program ( Nsauditor/1.0, Mozilla/5.0, Mozilla/4.0 ) , the field Timeout contains the timeout interval to wait for responses, the field Ports contains port numbers( you can select port numbers by clicking on the browse button).
Turning on Check CGI Vulnerabilities allows you to select the service( Common, Apache, etc .) for checking vulnerabilities. Note that if the selected service is Front Page or IIS than the operating system of destination host should be Windows. You can use Ping to check the operating system.
To connect through proxy turn on the Enable Proxy setting and select one of anonymous proxy servers from the list.
The probe that will be sent to the target host is based on the mentioned parameters. There are some known vulnerability tests for each service.
You can configure these tests using Options/Configuration ( CGI Abuses ).
Double clicking on the scan entry you can view the CGI Abuse details. The dialog below shows all the details of the selected row.
Selecting the appropriate CGI from the CGI Groups allows you to see all the check probes for the selected CGI including CGI Name and CGI Description. Selecting one of the CGI checks will show the CGI Abuse Details for that check including Risk Level, Abuse Name, Method, Directories, RCode ( return code ), Directories, Check URL, BagtraqID, Comment.
These well known tests are used to create the probes. You can hide the name of your real user agent by selecting any other from the list( it will seem that the probe is sent not from the real sender Nsauditor ).
You can add, delete and save the information in the page by clicking on the Add, Delete, Save buttons accordingly.
If View All Responses is turned on the Responses List of Network Security Auditor window will contain all responses. Otherwise the list will contain only the responses with open ports. You can double click on the row to view http header, source and data of each response ( left, middle , right parts of bottom section ). |