Usage of OWASP VBScan on Kali Linux
This section walks through a practical example of using the OWASP VBScan tool on Kali Linux.
Step 1: Launch the Tool
Once you have successfully installed VBScan, you can launch it in interactive mode. In this mode, you can input options to customize the scan. Use the following command:
perl vbscan.pl
This command will start VBScan in interactive mode, allowing you to input various options for the scan.
Step 2: Vulnerability Scanning
In this step, we scan the domain w3wiki.org for vulnerabilities. To do that, use the following command:
./vbscan.pl ( Target_Website )
This will initiate a vulnerability scan of the live web application running on w3wiki.org using OWASP VBScan.
After the scan starts, a prompt will appear asking whether you want to continue. To proceed, type “y”. This choice lets you decide whether to extend the scan to additional pages of the website or terminate the current scan.
Upon completion of the task, you will see the following message displayed.
These scan reports contain full descriptions and debugging information about every issue so your development team can replicate and fix them.
Step 3: Locating the Report
After the scan completes, the report is saved in the vbscan folder. Open a file explorer window and navigate to the Desktop and then the vbscan installation directory.
Inside this directory, you should find a “reports” folder. Double-click to open it.
Within the “reports” folder, you will find files named after your target.
Within the “w3wiki.org” folder, you will find files such as “w3wiki.orgReport.html”.
Open the HTML report in your preferred web browser, such as Firefox or Chrome. The browser will render the report, allowing you to interactively review the vulnerabilities found.
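The same lookup can be done from a terminal. The helper below is an added example, not part of VBScan or of the original tutorial. It assumes the layout described in Step 3 (reports/<target>/<target>Report.html) and that the folder is named after the bare host; the function names and the sample host forum.example.test are hypothetical.

```shell
#!/bin/sh
# Added example: locate a VBScan HTML report without a file explorer.
# Assumed layout (from Step 3): <vbscan_dir>/reports/<target>/<target>Report.html

# Reduce "https://forum.example.test/index.php" to "forum.example.test".
# Assumption: the report folder is named after the bare host, as in the
# tutorial's own example.
vbscan_target_name() {
    printf '%s\n' "$1" |
        sed -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' -e 's|[/?#].*$||'
}

# Print the report path for a target.
# Returns 0 if found, 1 if no report exists, 2 if the target is unusable.
vbscan_report_path() {
    vbscan_dir=$1
    name=$(vbscan_target_name "$2")

    # Reject empty names and anything that could escape the reports folder.
    case $name in
        ''|*..*|*/*)
            echo "invalid target: $2" >&2
            return 2 ;;
    esac

    report="$vbscan_dir/reports/$name/${name}Report.html"
    if [ -f "$report" ]; then
        printf '%s\n' "$report"
        return 0
    fi

    # Not found: show which targets do have a report folder.
    echo "no report for $name under $vbscan_dir/reports" >&2
    if [ -d "$vbscan_dir/reports" ]; then
        echo "report folders present:" >&2
        ls -1 "$vbscan_dir/reports" >&2
    fi
    return 1
}

# Usage (paths are placeholders for your own installation):
#   firefox "$(vbscan_report_path "$HOME/Desktop/vbscan" w3wiki.org)"
```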
OWASP VBScan – A Black Box VBulletin Vulnerability Scanner
OWASP VBScan is an open-source tool for testing VBulletin forum software for security vulnerabilities. It works as an automated black box vulnerability scanner. This means it tests VBulletin installations from the outside without access to source code or system files. It sends multiple HTTP requests to detect known vulnerabilities and misconfigurations. The issues it identifies include SQL injection, cross-site scripting, and information disclosure among others. It summarizes potential security risks in the VBulletin setup along with remediation guidance.
Features of OWASP VBScan Tool:
- Scanning for Known Vulnerabilities: VBScan scans web applications for known vulnerabilities, including common security issues such as SQL injection, cross-site scripting (XSS), and others.
- Fingerprinting Technology: The tool uses fingerprinting techniques to identify the underlying technologies and components of a web application, aiding in the discovery of potential vulnerabilities associated with specific platforms.
- Multiple Scan Modules: VBScan incorporates multiple scan modules that focus on different aspects of web application security. These modules help in detecting various types of vulnerabilities, providing a comprehensive assessment.
- Dynamic URL Analysis: The tool dynamically analyzes URLs and parameters, attempting to identify potential security weaknesses in the web application’s structure.