Site vulnerabilities: checking a site, and programs for scanning a site for vulnerabilities

The problem of website security has never been as acute as it is in the 21st century, which is a direct consequence of the Internet reaching almost every industry and field. Every day hackers and security researchers find new site vulnerabilities. Many are closed promptly by the owners and developers, but some remain as they are, and those are what attackers exploit. A compromised site can do great harm both to its users and to the servers on which it is hosted.

Types of site vulnerabilities

Many related technologies are used when building web pages. Some are mature and time-tested, others are new and not yet proven. Either way, site vulnerabilities come in many varieties:

  • XSS. Almost every site has small forms through which users enter data and get a result, register or send messages. Substituting specially crafted values into these forms can trigger the execution of a script, which can violate the integrity of the site and compromise its data.
  • SQL injection. A very common and effective way to reach sensitive data, either through the address bar or through forms. Values are substituted that the scripts may not filter out and that end up executed as queries against the database. With enough knowledge, this leads to a security breach.


  • HTML errors. Almost the same as XSS, except that HTML markup rather than script code is injected.
  • Files and directories in default locations. Knowing the standard structure of the web application, an attacker can, for example, reach the code of the administrative panel.
  • Inadequate protection of the operating system on the server. With such a vulnerability present, an attacker is able to execute arbitrary code.
  • Bad passwords. One of the most obvious site vulnerabilities is the use of weak values to protect an account, especially an administrator account.
  • Buffer overflow. Exploited by overwriting data in memory, which lets an attacker make their own changes to program behaviour. It occurs in imperfect software.
  • Spoofed web resource pages. An exact copy of the site is recreated; a user who lands on it may not suspect the trick and enters personal data, which shortly afterwards reaches the attacker.
  • Denial of service. Generally this term refers to an attack in which a server receives more requests than it can handle and simply "crashes" or becomes unable to serve real users. The vulnerability here is an improperly configured IP filter.

Search for site vulnerabilities

Security experts conduct a special audit of web resources for errors and omissions that could lead to a break-in. This site check is called pentesting. The process analyses the source code used by the CMS, the presence of vulnerable modules and many other interesting checks.


SQL injection

This type of site check determines whether the script filters the received values when composing queries to the database. The simplest test can be done manually. How do you find an SQL vulnerability on a site? That is considered next.

For example, suppose there is a site my-site.rf with a catalogue on its main page. Going into it, you might find something like my-site.rf/?product_id=1 in the address bar. Quite possibly this is a query to the database. To search for site vulnerabilities, first try appending a single quote to this line, giving my-site.rf/?product_id=1'. If an error message appears on the page after you press Enter, then a vulnerability is present.

After that, various options for selecting values can be used: the UNION operator, exclusion, comment sequences and many others.
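As an added illustration (not code from the original article), the following Python example shows what the single-quote test above actually detects and how the defect is fixed: a query assembled by string concatenation passes the quote straight into the SQL text and produces a database error, while a parameterised query with type validation rejects the value cleanly. The product table, the handler names and the in-memory SQLite database are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed in-memory product catalogue (sample data for the example).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Keyboard", 25.0), (2, "Mouse", 12.5), (3, "Monitor", 180.0)],
    )
    return conn


def lookup_vulnerable(conn, product_id):
    # The statement is built by string concatenation: whatever arrives in the
    # product_id parameter becomes part of the SQL text, so a stray quote
    # breaks the syntax and the database reports an error.
    sql = "SELECT name, price FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn, product_id):
    # Validate the expected type first, then bind the value as a parameter so
    # the database never interprets user input as SQL.
    if not product_id.isdigit():
        raise ValueError("product_id must be a positive integer")
    return conn.execute(
        "SELECT name, price FROM products WHERE id = ?", (int(product_id),)
    ).fetchall()


def probe(handler, product_id):
    """Run a handler on a fresh database and report what the page would show:
    ('ok', rows) for a normal result, ('error', msg) for a database error that
    would leak onto the page, ('rejected', msg) for validated input refusal."""
    conn = make_db()
    try:
        return ("ok", handler(conn, product_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))
    except ValueError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    for value in ("1", "1'"):
        print("vulnerable", repr(value), probe(lookup_vulnerable, value))
        print("safe      ", repr(value), probe(lookup_safe, value))
```

The vulnerable handler answers "1" correctly and fails with a syntax error on "1'", which is exactly the signal the manual test looks for; the safe handler behaves the same on good input and refuses the bad value before it reaches the database.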

XSS

This type of vulnerability comes in two forms: active and passive.

Active XSS involves embedding a piece of code in the database or directly in a file on the server. It is the more dangerous and unpredictable of the two.

Passive XSS involves luring the victim to a specific site address that contains the malicious code.

Using XSS, an attacker can steal cookies, which may contain important user data. Theft of the session has even more dire consequences.

The hacker can also plant a script on the site so that, at the moment a user submits a form, it sends the information directly to the attacker.
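An added example, not part of the original article, showing the two sides of the passive XSS case in Python: a search page that reflects the q parameter unencoded, the same page with output encoding applied, and a session cookie issued with the HttpOnly flag so that page scripts cannot read it even if an injection succeeds. The query string, the function names and the cookie name are assumptions made for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed query string as it would arrive in a crafted link; the payload is
# a harmless alert, enough to show whether the page reflects markup unencoded.
SAMPLE_QUERY = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def _search_term(query_string):
    # parse_qs URL-decodes the value, so "%3C" becomes "<" here.
    return parse_qs(query_string).get("q", [""])[0]


def render_vulnerable(query_string):
    # Reflects the search term into the page verbatim: browser sees markup.
    return "<p>Results for: " + _search_term(query_string) + "</p>"


def render_safe(query_string):
    # Encodes <, >, &, and quotes so the term is displayed as text, not parsed.
    return "<p>Results for: " + html.escape(_search_term(query_string), quote=True) + "</p>"


def contains_script_tag(page):
    # Crude check used here only to compare the two renderings.
    return "<script" in page.lower()


def session_cookie_header(session_id):
    # HttpOnly keeps the session id out of reach of document.cookie; Secure
    # keeps it off plaintext connections; SameSite limits cross-site sending.
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QUERY))
    print(render_safe(SAMPLE_QUERY))
    print(session_cookie_header("constructed-session-id"))
```

Output encoding at the point where untrusted data is written into HTML is the fix for reflected output; the cookie flags limit what a successful injection can reach.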

Search Automation

On the network you can find many interesting site vulnerability scanners. Some are distributed separately, others are bundled with several similar tools into one common image, such as Kali Linux. Below is an overview of the most popular tools for automating the collection of vulnerability information.

Nmap

The simplest site vulnerability scanner, which can show details such as the operating system, ports and services in use. A typical example of its use:

nmap -sS 127.0.0.1, where the local IP is replaced by the address of the site actually being tested.


The output tells you which services are running on it and which ports are open at that moment. Based on this information, you can try to use already known vulnerabilities.

Here are a few nmap keys for a more targeted scan:

  • -A. Aggressive scan, which dumps a lot of information but can take considerable time.
  • -O. Attempts to determine the operating system used on the server.
  • -D. Substitutes decoy IP addresses from which the check appears to be performed, so that when viewing the server logs it is impossible to determine where the scan originated.
  • -p. Port range. Checks several ports for open services at once.
  • -S. Allows you to specify the desired source IP address.
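As an added example (not from the article and not part of the Nmap project), the following Python code turns the kind of output Nmap produces into a defender's check: it parses grepable output (the -oG format Nmap can write alongside its normal listing), collects the open TCP ports per host, and compares them with an allowlist of the services each host is supposed to expose. The scan output and the allowlist are constructed sample data using documentation addresses.

```python
# Constructed sample of Nmap grepable (-oG) output; the 192.0.2.x addresses
# are from the documentation range and do not belong to a real host.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated as: nmap -sS -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (998)
# Nmap done
"""

# Constructed allowlist: the TCP ports each host is expected to expose.
ALLOWED = {"192.0.2.10": {22, 80, 443}, "192.0.2.11": {80}}


def parse_open_ports(grepable):
    """Return {host: {port: service}} for every port reported as open/tcp."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Each entry is port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue
            port, state, proto, service = parts[0], parts[1], parts[2], parts[4]
            if state == "open" and proto == "tcp":
                result.setdefault(host, {})[int(port)] = service
    return result


def unexpected_exposures(open_ports, allowed):
    """List (host, port, service) for open ports that the allowlist does not cover."""
    findings = []
    for host, ports in open_ports.items():
        for port, service in sorted(ports.items()):
            if port not in allowed.get(host, set()):
                findings.append((host, port, service))
    return findings


if __name__ == "__main__":
    exposed = parse_open_ports(SAMPLE_GREPABLE)
    for host, port, service in unexpected_exposures(exposed, ALLOWED):
        print(f"{host}: port {port} ({service}) is open but not in the allowlist")
```

In the sample, the database port on the first host is the only finding; a filtered port is deliberately not counted as exposed.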

Wpscan

This program for scanning a site for vulnerabilities is included in the Kali Linux distribution. It focuses on checking web resources running the WordPress content management system. It is written in Ruby, so it is started like this:

ruby ./wpscan.rb --help. This command shows all available keys and options.

To start a simple check, you can use the command:

ruby ./wpscan.rb --url some-site.ru

In general, WPScan is a fairly easy-to-use utility for checking your own site for WordPress vulnerabilities.


Nikto

This program checks the site for vulnerabilities and is also available in the Kali Linux distribution. For all its simplicity it has rich functionality:

  • scanning over both HTTP and HTTPS;
  • evasion of many intrusion detection systems;
  • scanning of multiple ports, even in a non-standard range;
  • support for proxies;
  • the possibility of writing and connecting plugins.

To run Nikto, Perl must be installed on the system. The simplest analysis is done like this:

perl nikto.pl -h 192.168.0.1

The program can also be "fed" a text file listing the addresses of web servers:

perl nikto.pl -h file.txt

This utility helps not only security experts conducting pentests, but also network and resource administrators maintaining the health of their sites.


Burp Suite

A very powerful tool for checking not only sites but any network traffic. It has a built-in function for modifying requests sent to the server under test, and a smart scanner that can automatically search for several types of vulnerabilities at once. The results of the current session can be saved and resumed later. It is flexible enough to allow not only third-party plugins but also writing your own.

The utility has its own graphical interface, which is undoubtedly convenient, especially for novice users.

Sqlmap

Probably the most convenient and powerful tool for finding SQL injection and XSS vulnerabilities. Its advantages can be summarised as follows:

  • support for almost all types of database management systems;
  • six basic techniques for identifying and exploiting SQL injections;
  • a mode for enumerating users, their hashes, passwords and other data.

Before using sqlmap, a vulnerable site is usually located first through dorks, which are search engine query templates that help to pre-filter the web resources of interest.


Then the page addresses are passed to the program, and it performs the check. If a vulnerability is successfully identified, the utility can exploit it itself, gaining full access to the resource.

Webslayer

A small utility for conducting brute force attacks. It can "brute force" resource forms, sessions and site parameters. It supports multithreading, which greatly improves performance, can recursively guess passwords on subpages, and has proxy support.


Resources for checking

The network offers several tools for checking the vulnerability of sites online:

  • coder-diary.ru. A simple site for testing. It is enough to enter the address of the resource being checked and click "Check". The search may take a long time, so you can specify your e-mail address and the result will be sent to your mailbox when the check finishes. The site's database holds about 2500 known vulnerabilities.
  • https://cryptoreport.websecurity.symantec.com/checker/. Symantec's online validation service for SSL and TLS certificates. Only the address of the resource being checked is required.
  • https://find-xss.net/scanner/. The project scans an individual file of a PHP site, or an archive of such files in ZIP format, for vulnerabilities. You can specify the types of files to be scanned and the characters by which data in the script is escaped.
  • http://insafety.org/scanner.php. A scanner for testing sites on the 1C-Bitrix platform, with a simple and intuitive interface.

Vulnerability Testing Algorithm

Any network security professional follows a simple checking algorithm:

  1. First, manually or with automated tools, he analyses whether the site has vulnerabilities. If so, he determines their type.
  2. Depending on the type of vulnerability present, he plans further moves. For example, if the CMS is known, the appropriate attack method is selected; if it is SQL injection, queries to the database are chosen.
  3. The main task is to gain privileged access to the administrative panel. If this cannot be achieved, it may be worth trying the forms, and spoofing an address with a script introduced into it and then passing it to the victim.
  4. If any attack or penetration succeeds, data collection begins: are there any more vulnerabilities, and what are the flaws.
  5. Based on the data obtained, the security specialist informs the site owner of the existing problems and how to resolve them.
  6. The vulnerabilities are eliminated by the specialist or with the involvement of outside contractors.

A few safety tips

Those who develop their own site independently will find these simple tips and tricks helpful.

Incoming data must be filtered so that scripts or queries cannot run on their own or pull data from the database.

Use complex, strong passwords for the administrative panel to prevent brute-force guessing.

If the site is built on a CMS, update it as often as possible and use only proven plugins, templates and modules. Do not overload the site with unnecessary components.

Check the server logs more often for suspicious events or actions.
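An added example, not from the original article, of what checking the logs can look like in practice: a small Python scanner that reads web server access log lines in the common combined format, URL-decodes the query string, tags requests carrying the probes discussed earlier in the article (a stray single quote or UNION ... SELECT for SQL injection, a script tag for XSS), and then lists source addresses with repeated hits. The log lines, the patterns and the threshold are constructed for the example; the addresses are from documentation ranges.

```python
import re
from urllib.parse import unquote_plus

# Constructed access log lines in combined format (documentation addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?product_id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /?product_id=1%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:50 +0000] "GET /?product_id=1%20UNION%20SELECT%201,2 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 800 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "GET /search?q=monitor HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

# Fields we need from each line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures of the manual probes described in the article, applied to the
# decoded query string. Constructed for the example, not a complete ruleset.
PATTERNS = {
    "sqli_probe": re.compile(r"'|\bunion\b.*\bselect\b|--|/\*", re.IGNORECASE),
    "xss_probe": re.compile(r"<script|javascript:|onerror\s*=", re.IGNORECASE),
}


def classify_request(path):
    """Return the list of pattern names that match the decoded query string."""
    decoded = unquote_plus(path)
    query = decoded.partition("?")[2]
    return [name for name, rx in PATTERNS.items() if rx.search(query)]


def scan_log(text):
    """Parse each line and keep the requests that carry at least one probe."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        tags = classify_request(m["path"])
        if tags:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                             "path": m["path"], "tags": tags})
    return findings


def suspicious_sources(findings, threshold=2):
    """Source addresses with at least `threshold` tagged requests, sorted."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f["ts"], f["ip"], f["status"], f["path"], ",".join(f["tags"]))
    print("repeat offenders:", suspicious_sources(hits))
```

Decoding the query before matching matters: the quote in the second line arrives as %27 and would be missed by a raw substring search. A 500 status next to a tagged request is worth a closer look, because it is the same error signal the manual test relies on.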

Check your own site with several scanners and services.

Correct server configuration is the key to its stable and safe operation.

If possible, use an SSL certificate. This prevents interception of personal and confidential data between the server and the user.

Security tools. It makes sense to install or connect software that prevents intrusions and external threats.

Conclusion

The article has turned out to be voluminous, but even so it is not enough to describe all aspects of network security in detail. To cope with the task of protecting information, you will have to study a lot of material and instructions, and also master a host of tools and technologies. You can seek the advice and help of professional companies that specialise in conducting pentests and auditing web resources. Although such services come at a considerable price, the lack of site security can be far more expensive both economically and in reputation.

Source: https://habr.com/ru/post/C42062/
