Acunetix is a web vulnerability scanner that you can use to detect vulnerabilities in web applications. It can also be used to perform penetration testing against the detected issues. During scanning, Acunetix can analyze the source code and pinpoint the exact line of code containing the vulnerability.
It also provides mitigation suggestions for the vulnerabilities it finds; you can use those to improve the security of the web app.
The scanner is very fast: it can crawl hundreds of thousands of pages in just a few minutes.
Now let's talk about the Tools...
- Site Crawler: It collects referrer pages, headers, and variables within the pages. In default mode the crawler crawls the whole site, but you can limit the file extensions it follows if you want.
- Target Finder: It is a port scanner that can find websites running on a range of given addresses. The range of addresses is not limited, and you can specify which ports to look at in order to discover websites on non-standard ports. It can also identify the type of the target web server.
- Subdomain Scanner: It can identify active subdomains of a top-level domain very easily. It can be configured to use the target's DNS server or any other DNS server specified by the user.
- Blind SQL Injector: This is a powerful tool that can enumerate databases and tables, dump data, and also read specific files on the file system of the web server if an exploitable SQL injection is discovered. It is an automated database data extraction tool, but it also allows you to run custom SQL "SELECT" queries against the database.
- HTTP Editor: The HTTP Editor allows you to create, analyze, and edit client HTTP requests and server responses. It also contains an encoding and decoding tool to encode/decode text and URLs to MD5 hashes, UTF-7, and many other formats.
- HTTP Sniffer: The HTTP Sniffer acts as a proxy and allows you to capture, examine, and modify HTTP traffic between an HTTP client and a web server. You can also enable, add, or edit traps to capture traffic before it is sent to the web server or back to the web client. It can help you analyze how session IDs are stored and how inputs are sent to the server, and alter any HTTP request before it reaches the server. It also allows you to navigate through parts of the website which cannot be crawled automatically and import the results into the scanner to include them in the automated scan.
- HTTP Fuzzer: It enables you to launch a series of sophisticated fuzzing tests to audit the web application's handling of invalid and unexpected random data. The HTTP Fuzzer also allows you to create input rules for further testing in Acunetix Web Vulnerability Scanner.
- Authentication Tester: This is actually a dictionary attack tool that you can use to perform a dictionary attack against login pages that use either HTTP authentication (NTLM v1, NTLM v2, digest) or form-based authentication. This tool uses two predefined text files (dictionaries) containing a list of common usernames and passwords. You can add your own combinations to these text files if you want.
- Web Services Scanner: It allows you to launch automated vulnerability scans against WSDL-based web services.
- Web Services Editor: This tool allows you to import an online or local WSDL for custom editing and execution of various web service operations over different port types, for an in-depth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages to easily edit SOAP headers and customize your own manual attacks.
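The HTTP Sniffer and HTTP Editor give you the raw server response, and one of the first things to check in it is how the session cookie is set. The following stand-alone Python script is an added example (it is not part of Acunetix or of the original article): it parses a constructed HTTP/1.1 response, pulls out every Set-Cookie header, and reports which protective attributes (Secure, HttpOnly, SameSite) each cookie is missing. The response text, cookie names and values are all made up for the example.

```python
"""Audit Set-Cookie headers in a captured HTTP response.

This is the kind of manual review a tester does on a response captured with
a proxy/sniffer: which cookies does the server set, and are the session
cookies protected against interception and script access?
"""
from typing import Dict, List, Tuple

# Constructed sample capture for this example; not traffic from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: PHPSESSID=abc123def456; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Length: 13\r\n"
    "\r\n"
    "<html></html>"
)


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a raw HTTP/1.x response into (status_line, headers, body).

    Headers are returned as a list of (name, value) pairs, names lower-cased,
    because a header such as Set-Cookie may legitimately appear several times.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status_line = lines[0]
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers, body


def parse_set_cookie(value: str) -> Dict[str, str]:
    """Parse one Set-Cookie value into a dict.

    The cookie itself is stored under 'name' and 'value'; each attribute is
    stored under its lower-cased key, with flag attributes (Secure, HttpOnly)
    mapped to an empty string.
    """
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {"name": name.strip(), "value": cookie_value.strip()}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return attrs


def audit_cookies(raw: str) -> Dict[str, List[str]]:
    """Return {cookie_name: [missing protective attributes]} for every Set-Cookie."""
    _, headers, _ = parse_response(raw)
    findings: Dict[str, List[str]] = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        missing = []
        if "secure" not in cookie:
            missing.append("Secure")      # sent over plain HTTP too
        if "httponly" not in cookie:
            missing.append("HttpOnly")    # readable by page scripts
        if "samesite" not in cookie:
            missing.append("SameSite")    # attached to cross-site requests
        findings[cookie["name"]] = missing
    return findings


if __name__ == "__main__":
    for cookie_name, missing in audit_cookies(SAMPLE_RESPONSE).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie_name}: {status}")
```

In the sample the PHPSESSID cookie is flagged for all three attributes while the prefs cookie passes, which is the pattern to look for: the cookie that actually carries the session is the one that needs the flags. Point the script at a real capture by replacing SAMPLE_RESPONSE with the text saved from the sniffer.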
Now let's learn to use the app...
How To Use Acunetix
First download and install Acunetix Web Vulnerability Scanner on your computer.
(download link is at the end of this article)
Then open it; you will see a window as shown below.
Click on "New Scan". A wizard window will appear.
Now enter the website address in the Website URL box. Then click on "Next >".
Now select a scanning profile or you can leave it as default. Then click on the "Next >" button.
Then click on "Next >".
Then configure the login details for password-protected areas. If no password is required, leave it at the default and click on the "Next >" button.
It may show you additional hosts in the target website (see the above image). If you want to add those websites to the scan, select them and click on "Finish". Acunetix should now start scanning the target website. Wait for completion...
If you want to know more about a vulnerability, and how to fix it, just click on the web alert.
There are also a lot of other things you can do with this tool, but I'm not going into that now, because I want you to explore this software yourself.
That's all guys, I hope you liked this article. If you did, please share this article with your friends....
If you have any doubts, feel free to ask me anytime.
Peace out...
Acunetix - Web Vulnerability Scanner For Hackers, reviewed by AC10 Tech on Monday, August 01, 2016.