
Title: Notes on the "Security Scan Tool Linkage" automated vulnerability scanning process


0x01 Tools used

The download address and installation instructions for each tool are given after that tool's introduction; download them yourself if needed.

1. AWVS Tools

awvs introduction:

Acunetix Web Vulnerability Scanner (AWVS) is a platform for testing and managing the security of web applications. It automatically scans Internet-facing or local LAN hosts for vulnerabilities and reports them. Any web site reachable over HTTP/HTTPS can be scanned: intranet, extranet and web sites for customers, employees, vendors and other personnel, for small, medium and large enterprises alike. AWVS audits the security of web applications by checking for SQL injection vulnerabilities, XSS cross-site scripting vulnerabilities and so on.

AWVS features:

1) Automatic client script analyzer, allowing security testing of Ajax and Web 2.0 applications

2) The most advanced and in-depth SQL injection and cross-site scripting tests in the industry

3) Advanced penetration testing tools such as HTTP Editor and HTTP Fuzzer

4) Visual macro recorder that helps you easily test web forms and password-protected areas

5) Support for pages that use CAPTCHA, single sign-on and two-factor authentication mechanisms

6) Rich reporting features, including VISA PCI compliance reports

7) High-speed multithreaded scanner that easily retrieves thousands of pages

8) Intelligent crawler that detects the web server type and application language

9) Acunetix retrieves and analyzes websites, including Flash content, SOAP and AJAX

10) Port-scans the web server and performs security checks on the network services running on it

11) Can export website vulnerability files

awvs tool installation tutorial address: https://blog.csdn.net/shandongjiushen/article/details/128377981

awvs tool cracked version download address (Baidu Netdisk) link: https://pan.baidu.com/s/1KayUhIShgUjozphx41CqsQ Extraction code: qbe0

2. Appscan Tools

Appscan introduction:

AppScan is a dynamic application security testing tool designed for security experts and testers. It helps users develop more secure software and avoid expensive vulnerabilities late in the development life cycle. The software has a powerful built-in scanning engine that automatically crawls the target application and tests it for vulnerabilities; results are presented by priority, so operators can triage problems faster and find the most critical vulnerabilities first. AppScan also provides clear, actionable remediation advice for each finding, so every discovered problem is easier to fix. Its security testing suite supports web applications, web services and mobile back ends, and uses proprietary technology together with tens of thousands of built-in checks to test continuously; this ongoing testing and risk assessment of web services and applications helps prevent damaging security vulnerabilities.

Introduction to AppScan functions:

1) Active and passive scanning. AppScan supports both active and passive scanning. In active mode it simulates an attacker's behaviour, sending malicious requests and attack payloads to discover known web vulnerabilities such as cross-site scripting (XSS), SQL injection and cross-site request forgery (CSRF). In passive mode AppScan listens to the application's communication, analyzes data flows and responses, and looks for potential security vulnerabilities and problems.

2) Web application and mobile application scanning. AppScan is suitable both for web application scanning and for mobile application security assessment. For web applications it automatically discovers and evaluates common web vulnerabilities such as XSS, SQL injection and sensitive information leakage. For mobile applications it can analyze the application's binary code and find vulnerabilities and security issues in the application.

3) Penetration testing support. AppScan is not only a vulnerability scanner; it can also simulate real attacks for testing. Penetration testing helps discover vulnerabilities that are hard to detect and provides deeper testing of complex vulnerabilities and business logic problems.

Appscan tool installation tutorial address: https://blog.csdn.net/qq_39720249/article/details/121248901

Appscan tool cracked version download address (Baidu Netdisk): https://pan.baidu.com/s/1UnAZBFwYvEvzUQPC1eQaBA Extraction code: ime6

3. Yakit Tools

yakit introduction:

Yak is the first vertical-domain language dedicated to integrating the underlying capabilities of network security, and it provides very powerful security capabilities. Yak is a superset of most "data description languages / container languages": it has all of Go's capabilities and library ecosystem, VSCode plug-ins and more, its syntax is customizable, and it is a Turing-complete scripting language developed entirely domestically. It provides various underlying security capabilities as functions, including port scanning, fingerprint recognition, a POC framework, shell management, MITM hijacking, and a powerful plug-in system. Yakit is a standalone security tool built on the Yak language, aiming to provide a network security tool library covering the entire penetration testing process. Because of the way Yak is used, users must learn the Yak language and also have some understanding of security. To make Yak's security capabilities easier for everyone to adopt, the developers wrote a gRPC server for Yak and built a client, Yakit, whose GUI lowers the barrier to using Yak.

A brief introduction to Yakit functions (there are too many to list). Yakit is a highly integrated front end for the Yak language's security capabilities. With Yakit we can:

1) Use a MITM hijacking console similar to Burp Suite

2) View the history of all hijacked requests and analyze their parameters

3) Use the world's first visual web fuzzer: Web Fuzzer

4) Yak Cloud IDE: a cloud IDE for the Yak language with built-in smart completion

5) ShellReceiver: starts a TCP server to receive reverse interactive shell connections

6) Third-party Yak module store: community-maintained third-party Yak module plug-ins with everything you need

7.

Yakit tool installation tutorial address: https://blog.csdn.net/m0_60045654/article/details/134645164

Yakit tool download address: https://yaklang.com/

4. Burp Suite

Introduction to burp suite:

Burp Suite is an integrated platform for attacking web applications and contains many tools. Burp Suite provides many interfaces between these tools to speed up the process of testing an application. All tools share a single request model and can handle the corresponding HTTP messages, persistence, authentication, proxying, logging and alerts.

Introduction to the Burp Suite tools:

1) Target —— displays the target's directory structure

2) Proxy —— an intercepting HTTP/S proxy server that sits between the browser and the target application, allowing you to intercept, view and modify the raw traffic in both directions.

3) Spider —— an intelligent web crawler that can fully enumerate the content and functions of the application.

4) Scanner —— an advanced tool that, once run, automatically discovers security vulnerabilities in web applications.

5) Intruder —— a highly configurable tool that automates tests against web applications, such as enumerating identifiers, collecting useful data and using fuzzing to detect common vulnerabilities.

6) Repeater —— a tool for manually re-sending individual HTTP requests and analyzing the application's responses.

7) Sequencer —— a tool for analyzing the randomness of application session tokens and other important data items that are supposed to be unpredictable.

8) Decoder —— a tool for manually or intelligently decoding and encoding application data.

9) Comparer —— usually used to obtain a visual 'diff' of two pieces of data, such as related requests and responses.

10) Extender —— lets you load Burp Suite extensions and use your own or third-party code to extend Burp Suite's functions.

11) Options —— settings for Burp Suite

Burp suite tool installation tutorial address: https://blog.csdn.net/m0_60045654/article/details/134645164

Burp suite tool jar crack package: https://link.zhihu.com/?target=https%3A//github.com/lzskyline/BurpLoaderKeygen/raw/main/BurpLoaderKeygen.jar

Burp suite tool download address: https://link.zhihu.com/?target=https%3A//portswigger.net/burp/releases/

5. Xray

Introduction to xray tool:

Xray is a powerful security assessment tool released by Changting Technology. It was created by many experienced front-line security practitioners. It supports both active and passive scanning, runs on multiple operating systems including Windows, Linux and macOS, and supports user-defined POCs.

It can quickly detect vulnerabilities in target websites. Compared with traditional manual vulnerability scanning, Xray has the following advantages:

1. High degree of automation, reducing the time and energy of manual operation;

2. Supports scanning of multiple vulnerability types;

3. Support distributed deployment;

4. Support web interface management.

Xray function introduction: the POC framework ships by default with the POCs contributed on GitHub, and users can also write and run their own as needed.

Currently supported vulnerability detection types include:

1) XSS vulnerability detection (key: xss)

2) SQL injection detection (key: sqldet)

3) Command/code injection detection (key: cmd-injection)

4) Directory enumeration (key: dirscan)

5) Path traversal detection (key: path-traversal)

6) XML Entity Injection Detection (key: xxe)

7) File upload detection (key: upload)

8) Weak password detection (key: brute-force)

9) jsonp detection (key: jsonp)

10) SSRF detection (key: Ssrf)

11) Baseline check (key: baseline)

12) Arbitrary redirect detection (key: redirect)

13) CRLF injection (key: crlf-injection)

14) Struts2 Series Vulnerability Detection (Advanced Edition, key: struts)

15) Thinkphp series vulnerability detection (advanced version, key: thinkphp)

16) XStream Series Vulnerability Detection (key: xstream)

17) POC framework (key: pantasm)

Xray tool installation tutorial address: https://blog.csdn.net/weixin_52244272/article/details/132278409

Xray11 tool cracked version download address: https://pan.baidu.com/s/1n5lqeSVXpk_CgBS7JMFkdA?pwd=amlj Extraction code:amlj

0x02 Tool linkage

Now link the five tools together so that they automatically scan the target website for vulnerabilities.

1. Set up AppScan tool linkage preparation

Open the AppScan interface and select New -- Scan web service -- Next.

Select Let AppScan automatically select ports (the address and port chosen here are the ones AWVS will use as its proxy) -- Local -- I need to configure other connection settings -- Next.

Select Use custom proxy settings -- Address: 127.0.0.1 -- Port: 8083 (the proxy address and port set here are Yakit's proxy listening address and port) -- Next.

Nothing needs to be set here; just click Next.

Nothing needs to be set here either; click Next and then Finish.

You now get an external traffic recorder; once traffic passes through, it will be displayed here.

2. Set up Yakit tool linkage preparation

Start the Yakit tool.

Open a temporary project.

Select the penetration testing tool -- MITM interactive hijacking.

Note that Yakit has only 15 scanning plug-ins installed by default. If you want more comprehensive passive vulnerability scanning, go to the plug-in store and download the plug-ins you need. You can download all plug-ins with one click, but scanning will then be very slow, so download only the ones you need.

Go back to MITM interactive hijacking and set the hijack proxy listening host to 127.0.0.1, the hijack proxy listening port to 8083, and the downstream proxy to http://127.0.0.1:8080 (the downstream address set here is Burp Suite's proxy listening address and port). Select Enable plug-ins, set the plug-in list on the left to Select All, and then choose configuration-free startup (configuration-free startup is the better choice; otherwise traffic cannot pass through when Burp Suite is linked).

The vulnerabilities found later will be displayed here.

3. Set up the linkage preparation for the Burp Suite tool

Open Burp Suite and select Temporary Project -- Next.

Use Burp Suite's default settings -- Next.

Select Settings.

Set up the proxy listener: bind port 8080, bind address loopback only (the proxy listening address and port set here are the downstream proxy address and port set in Yakit).

Set up Burp Suite's upstream proxy: destination host * (all target hosts are allowed), proxy host 127.0.0.1, proxy port 7777 (this is Xray's listening address and port).

Add a live task.

Set it to passively scan all traffic passing through the proxy.

Edit the built-in scanning behaviour.

Set the scan type: select all, turn the scan intensity up, and click Save.

Click OK; the passive scan is now configured.

4. Set up Xray tool linkage preparation

Use Xray to listen on 127.0.0.1:7777 (the port listened on here is the upstream proxy set in Burp Suite), passively scan for vulnerabilities, and write the findings to 123.html.
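Before starting the scan it is worth confirming that the four proxy settings above actually form one chain, since a single mistyped port silently breaks the linkage. The following is an added example, not code from the original post or from any of the tools: using the post's own addresses, it checks that AppScan's custom proxy points at Yakit, that each hop forwards to the next hop's listener, that Xray is the end of the chain, and which listeners are not yet accepting connections. The Hop, check_wiring and missing_listeners names are this example's own.

```python
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

Addr = Tuple[str, int]

@dataclass
class Hop:
    name: str
    listen: Addr                 # address this tool's proxy listens on
    downstream: Optional[Addr]   # where it forwards to; None for the last hop

# The chain exactly as the post configures it: AppScan -> Yakit -> Burp -> Xray.
ENTRY: Addr = ("127.0.0.1", 8083)          # AppScan's custom proxy setting
CHAIN: List[Hop] = [
    Hop("Yakit", ("127.0.0.1", 8083), ("127.0.0.1", 8080)),
    Hop("Burp Suite", ("127.0.0.1", 8080), ("127.0.0.1", 7777)),
    Hop("Xray", ("127.0.0.1", 7777), None),
]

def check_wiring(entry: Addr, chain: List[Hop]) -> List[str]:
    """Return wiring mistakes as messages (empty list = chain is consistent).
    Rules: the entry proxy must be the first hop's listener, every hop must
    forward exactly to the next hop's listener, and the last hop must not
    forward anywhere (Xray is the end of the chain)."""
    problems = []
    if entry != chain[0].listen:
        problems.append(f"entry proxy {entry} does not match {chain[0].name} listener {chain[0].listen}")
    for i, hop in enumerate(chain):
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        expected = nxt.listen if nxt else None
        if hop.downstream != expected:
            problems.append(f"{hop.name} forwards to {hop.downstream}, expected {expected}")
    return problems

def listener_up(addr: Addr, timeout: float = 1.0) -> bool:
    """True if a TCP listener accepts connections on addr."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

def missing_listeners(chain: List[Hop]) -> List[str]:
    """Names of hops whose proxy port is not (yet) accepting connections."""
    return [hop.name for hop in chain if not listener_up(hop.listen)]

if __name__ == "__main__":
    print("wiring problems:", check_wiring(ENTRY, CHAIN) or "none")
    print("not listening:", missing_listeners(CHAIN) or "none")
```

Run it after all four tools are started; any hop reported as not listening is the one whose proxy settings to revisit.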

0x04 Start testing linkage scanning

All preparations are in place. Use AWVS as the starting point, since it is the first tool that sends traffic to the scan target.

1. Intercept traffic

First enable interception in Yakit and Burp Suite so that the traffic flow can be followed later.

2. Set the AWVS scan target

Set the AWVS scan target so that its traffic is sent through the chain. Add a scan target (this target is authorized) and click Save.
