Security News

External Links

Home
Resources
Free Tools

STS Scanner

The Security Technology Science (STS) Scanner's humble beginnings began as a Ruby port of the Perl version of ExtendedScanner presented in Ch 8 and 9 of Network Security Tools by Justin Clarke et al. You can find out more information about this progression by visiting the educational sections of our website starting with the Simple Scanner and then moving to the Extended Scanner.

Today the scanner has a lot more additional features that will continue to grow and be freely available for the open source community to expand upon. Hopefully providing a freely available Web Application Scanner that can deliver an adequate level of security to a broad community.

Technical Features

Web Engine

The STS Scanner's internal engine acts much the same as the browser you are currently using to view this page. The scanner's internal core uses Mechanize for automating interactions with websites. This allows the scanner to automatically store and send cookies, follow redirects, follow links, submit forms, run over SSL connections and understand HTTP 0.9, 1.0, 1.1. Mechanize also keeps track of the sites that you have visited as a history and provides a detailed log of all requests.

The following authentication schemes are also recognised:

Proxy authentication
Basic authentication
Digest authentication
Cookie authentication
SSL Certificate authentication
CA verification

Web Crawler

Note: The crawler is in the alpha stage of development. Only use for simple applications, otherwise use Burp Crawler

The STS Scanner is capable of intelligently crawling a web application and/or parsing a Burp log file to build the application attack surface. It's important that this attack surface be as close to 100% of the application's actual surface to provide the best possible level of assurance that all avenues are being tested. As such, the crawling functionality currently uses Hricot to flexibly and quickly parse HTML web pages identifying the following types of URLs:

Frames, iFrames src value
Anchor tags href with a standard value
Anchor tags href with a javascript value
Anchor tags onclick with an ajax value
Image tags with src value
Form tags and fields to build GET/POST requests with query strings

Web Scanner

Note: The scanner is in the stable stage of development.

The STS Scanner is capable discovering the following web application vulnerabilities:

SQL Injection
Cross Site Scripting
Directory Listing

The scanner has intelligent capabilities to perform enumeration and exploits on discovered sql injection points. The following information is enumerated:

Validate SQL injection (i.e., reduces false positives)
Enumerate backend database type (currently supports MS SQL, Oracle and MySQL)
Enumerate the number of columns at the injection point
Enumerate the data type of each column identified

The scanner uses the pages identified from the web crawl to test the following attack vectors:

URL parameters in all GET and POST requests
POST parameters in all GET and POST requests
HTTP headers including referer, user-agent and cookie
Pages
Directory listings

Information

Version: 1.0.1
Release Date: January 8, 2008
License: GPL v3
MD5 Sum: 1d722ce3948e797fcd79e44f1f9f4b13 sts-scanner.tar.gz

Documentation

Library interfaces can be found here
The tutorial can be found here

Downloads

Download this tool now
Download the tutorial now