The other form of discovery that we're going to
discuss here is automated. There are a lot of awesome tools out there that will fuzz different web applications to find
these vulnerabilities for you.
So we're gonna talk about a couple of them here that you can get for free.
Vega is GUI-based freeware found on Kali, Kali 2.
sqlmap is command-line based, and it's also free and found on Kali, Kali 2.
Nmap is also command-line based.
Again, free and on Kali.
ZAP, or the OWASP Zed Attack Proxy,
is GUI-based, and that can be found on the operating system as well.
Arachni is GUI-based. However, you have to download it from the Arachni scanner website,
which you should have done earlier when we were setting up the environment. And then finally,
Burp Suite is GUI-based, purchased from PortSwigger. I don't expect anybody to actually purchase Burp Suite for this class. Burp Suite is a
$300 program. However, there is a free version of Burp Suite on there
that does everything except the actual scanner portion of the program. So let's hop on the Kali and check out how Vega operates. All right, so here we are in our Kali 2 environment.
And remember, you will have to go to Applications, Web Application Analysis, and then click Vega in order to get the tool operational.
It'll take a second to pop up, but once it does, it'll be good to go.
The VMs are networked properly. We can see that because we were able to browse to the PentesterLab website.
Now, in order to scan
with Vega, you will click New Scan,
or Start New Scan,
and then you'll want to enter the address
of what you'll be scanning.
Then in here, you want to select the different types of modules that you'll be scanning for.
We want to be scanning for SQL injection.
So let's turn everything off.
Let's scroll down here and,
SQL injection. So there's some blind SQL here.
Scroll down further. Make sure we
don't miss anything.
Here we go. Blind SQL injection. Missed that one.
Now, if you had an identity you want to sign in as,
that's what you would select here. You would have to set the identity up
in the configuration of Vega if you wanted to, but we don't need an identity
to scan the site for SQL injection.
Are there any special parameters that you want to exclude? This is where you would
put those parameters. So if there's anything that might be sensitive on your network that you don't want getting fuzzed,
that's where you put it.
Now the scan's gonna kick off here,
and up here, we can see that some spidering has been done.
So we see the address of 19268 11, and these are some links that were found
by Vega, and it attempted to spider out to them. However, since we're not connected,
it wasn't successful with attempting to spider. If it was successful, you would see a whole lot like this here.
That is one reason why
we want to be careful with
how we're performing our scans, environment-wise, because anything that we spider could reach out and touch and, you know, continue spidering other things that we might not have permission to, and that might look like an attack.
So let's give Vega some time for its scan.
Now the scan is complete, and we see that,
well, we have some SQL injection vulnerabilities here.
Let's come over to our scan alerts.
Drop it down. We see the IP address of
the server, the website that we were scanning here.
Drop down again. See our high results. If there was anything else that was medium or low, it would be listed here.
Here we have all of our web pages that are
supposed to have SQL injection vulnerabilities. And we know for a fact that they do because that's how the lab is designed.
Click on Example 1.
And it gives us this nice little breakdown here, so:
the resource, the parameter that was used, the method, so GET method, so
that's how it performed the SQL injection,
and it shows the exact request that was sent.
You see here in the request the escape characters that we had talked about earlier. They're being used.
If we go further down,
there's a discussion about the SQL injection vulnerability, the impact of it, and the remediation,
as well as some references. So fortunately, the report is awesome
because it helps you write your report very easily. So if the person you're creating a report for doesn't really care about the impact but wants remediation, you give them these kind of remediation tabs, you know?
So it's a very good free tool that you can use here.