Using Web Application Scanners

Web application scanners are essential tools for penetration testers to identify and assess vulnerabilities in web applications. They automatically analyze web applications for common security issues such as SQL injection, cross-site scripting (XSS), and security misconfigurations that attackers might exploit. Using these scanners, testers can efficiently detect vulnerabilities, helping organizations protect their applications by addressing weaknesses before malicious actors find them.

Mahran Al-Zyoud
|
8 steps

- **Virtualization Software:** Oracle VirtualBox 7.1.4 - **Host Operating System:** Windows 11 - **Guest Operating Systems:** Kali Linux, Metasploitable 2, and Metasploitable 3. - **Tools**: whatweb, Nmap. - **Last Updated:** November 2024 - **Created by**: Mahran Al-Zyoud. For any improvements, corrections, or suggestions, please feel free to contact me at [mahran.alzyoud@gmail.com](mailto:mahran.alzyoud@gmail.com). Your feedback is appreciated!

WhatWeb

You will use various tools to gather information about web servers and identify security vulnerabilities. **WhatWeb** is a web fingerprinting tool that helps you analyze a target web server's components, revealing details such as the web application, its versions, the technologies in use, and the host operating system. By examining the version numbers of these technologies, you can uncover potential exploits that may target vulnerabilities. The next section will focus on using Nmap to discover web application vulnerabilities.

Ensure that both Kali Linux and Metasploitable 3 virtual machines are running.

Run **[[nmap -p 80,443,8080 172.17.2.23]]** Remember that web application protocols such as HTTP and HTTPS operate on ports 80, 443, and 8080. Note: The IP address of my Metasploitable 3 virtual machine is 172.17.2.23. Please verify yours.

Run **[[whatweb http://172.17.2.23]]** to identify the web application and additional web technologies on the targeted system.

Nmap

Run **[[ls /usr/share/nmap/scripts/http\*]]** to see a list of all the Nmap scripts that begin\ with http

You can select a script from the list to scan for HTTP vulnerabilities on a specific system. Assume you want to know whether a web application is vulnerable to Structured Query Language (SQL) Injection attacks. The http-sql-injection NSE script will detect such security issues.

Run **[[nmap --script http-sql-injection -p 80 172.17.2.21]]** to invoke the SQL Injection script and perform a scan on a target that has port 80 open for web services. Note: The IP address of my Metasploitable 2 virtual machine is 172.17.2.21. Please verify yours. As shown below, the Nmap script was able to automate the process of checking\ whether various URLs and paths are susceptible to a possible SQL Injection attack.