simplescanner.rb

Path: simplescanner.rb
Last Update: Sun Oct 14 15:08:21 +1000 2007

Synopsis

Command line interface to the Simple Scanner. This is a Ruby port of the Perl version of Simple Scanner presented in Ch 8 of Network Security Tools by Justin Clarke et al. Refer to www.oreilly.com/catalog/networkst/ for the sample chapter and Perl source code. The book is definitely worth a read for any serious security professional.

The scanner parses a Burp log file (refer to portswigger.net/proxy/) and can discover the following web application vulnerabilities:

 1. SQL Injection
 2. Cross Site Scripting
 3. Directory Listings

It can operate through an HTTP proxy tunnel and send a static cookie.

Original Code

Copyright (c) 2005 O'Reilly Media, Inc. All rights reserved.
Network Security Tools By Justin Clarke, Nitesh Dhanjani
Note: The original code and chapter were authored by Brian Holyfield

New Code

Copyright (c) 2007 by Security Technology Science Pty Ltd. All rights reserved.

License

Licensed under the same terms as GNU GPL v2. Refer to LICENSE in the downloaded package.

Example

Using a static cookie

 ruby simplescanner.rb -c "cid=1234; nonce=abc" burplog.txt http://www.example.com

Using a proxy to tunnel requests

 ruby simplescanner.rb -p "127.0.0.1:8080" burplog.txt http://www.example.com

Required files

getoptlong   uri   lib/parser   lib/browser  

Methods

Public Instance methods

Prints data to the output report file
