Damn Vulnerable Application Scanner (DVAS) #198
I’m confused: is this a target for learning or a tool to scan things? If the latter, this is not the place to add it. |
Yes, that is quite an unusual perspective :). DVAS is an intentionally vulnerable web scanner that is meant to demonstrate and teach about "responsive" attacks. Basically, when someone makes a scan, she/he might become the target of a counterattack if a vulnerable scanner is used. Understanding this attack scenario is subtle and DVAS comes with an attack tool (called revok) that one can use to see the attack in action. However, the attack should be done manually when the goal is education/awareness. |
@gabriele-costa nice research! OK for us (ZAP team) to reference it? If so is that the best URL for us to use? |
And any more feedback on your ZAP testing would be appreciated, e.g. details of the 4 tainted flows. |
@psiinon Thank you! Yes, we would be very glad about that. Here are more details about the attacker model and vulnerabilities we found.
Let me know if I can provide further details |
I'm checking this out |
Here we are. We found 4 tainted flows (but no actual vulnerability) with destination in the HTML report exported by ZAP. In particular, the following HTTP response headers were included: X-Powered-By, Location, X-Content-Type, and X-AspNet-Version. |
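The distinction in the comment above between a tainted flow and an actual vulnerability can be checked on a report generator, shown here as an added example that is not part of the original thread and is not code from DVAS, revok or ZAP. Only the four header names come from the thread; the two renderers and the probe values are hypothetical stand-ins for a scanner's HTML report code.

```python
import html

# Header names quoted in the thread; all values below are constructed.
HEADERS = ["X-Powered-By", "Location", "X-Content-Type", "X-AspNet-Version"]


def probe_value(name):
    """Benign, unique marker carrying HTML metacharacters (constructed)."""
    return f"<taint-{name.lower()}>&\"'"


def render_raw(headers):
    """Hypothetical report renderer that interpolates header values as-is."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in headers.items())
    return f"<table>{rows}</table>"


def render_escaped(headers):
    """Hypothetical report renderer that HTML-encodes every value it emits."""
    rows = "".join(
        f"<tr><td>{html.escape(k)}</td><td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in headers.items()
    )
    return f"<table>{rows}</table>"


def classify_flows(render, names=HEADERS):
    """Feed one probe per header to `render` and classify where it ends up.

    "raw"     -> value reaches the report unencoded (flow and vulnerability)
    "escaped" -> value reaches the report encoded (tainted flow only)
    "absent"  -> value never reaches the report
    Assumes the renderer encodes the way html.escape does; a renderer using
    a different encoding needs its own comparison string.
    """
    result = {}
    for name in names:
        probe = probe_value(name)
        report = render({name: probe})
        if probe in report:
            result[name] = "raw"
        elif html.escape(probe, quote=True) in report:
            result[name] = "escaped"
        else:
            result[name] = "absent"
    return result
```
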
Thanks. Any of the authors have Twitter accounts I can mention? |
Andrea has one https://twitter.com/avalz_ |
DVAS contains a collection of web-based (vulnerable) security scanners, including (but not limited to) the vulnerabilities from "Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners". DVAS also contains a simulation of CVE-2020-7354 and CVE-2020-7355 for Metasploit Pro.