• Home
• Services
• Resources
• Blog
• Contact Us

Security News

External Links

• Home
• Resources
• Free Tools

STS Scanner

The Security Technology Science (STS) Scanner's humble beginnings began as a Ruby port of the Perl version of ExtendedScanner presented in Ch 8 and 9 of Network Security Tools by Justin Clarke et al. You can find out more information about this progression by visiting the educational sections of our website starting with the Simple Scanner and then moving to the Extended Scanner.

Today the scanner has a lot more additional features that will continue to grow and be freely available for the open source community to expand upon. Hopefully providing a freely available Web Application Scanner that can deliver an adequate level of security to a broad community.

Technical Features

Web Engine

The STS Scanner's internal engine acts much the same as the browser you are currently using to view this page. The scanner's internal core uses Mechanize for automating interactions with websites. This allows the scanner to automatically store and send cookies, follow redirects, follow links, submit forms, run over SSL connections and understand HTTP 0.9, 1.0, 1.1. Mechanize also keeps track of the sites that you have visited as a history and provides a detailed log of all requests.

The following authentication schemes are also recognised:

• Proxy authentication
• Basic authentication
• Digest authentication
• Cookie authentication
• SSL Certificate authentication
• CA verification

Web Crawler

The STS Scanner is capable of intelligently crawling a web application and/or parsing a Burp log file to build the application attack surface. It's important that this attack surface be as close to 100% of the application's actual surface to provide the best possible level of assurance that all avenues are being tested. As such, the crawling functionality currently uses Hricot to flexibly and quickly parse HTML web pages identifying the following types of URLs:

• Frames, iFrames src value
• Anchor tags href with a standard value
• Anchor tags href with a javascript value
• Anchor tags onclick with an ajax value
• Image tags with src value
• Form tags and fields to build GET/POST requests with query strings

Web Scanner

The STS Scanner is capable discovering the following web application vulnerabilities:

• SQL Injection
• Cross Site Scripting
• Directory Listing

The scanner has intelligent capabilities to perform enumeration and exploits on discovered sql injection points. The following information is enumerated:

• Validate SQL injection (i.e., reduces false positives)
• Enumerate backend database type (currently supports MS SQL, Oracle and MySQL)
• Enumerate the number of columns at the injection point
• Enumerate the data type of each column identified

The scanner uses the pages identified from the web crawl to test the following attack vectors:

• URL parameters in all GET and POST requests
• POST parameters in all GET and POST requests
• HTTP headers including referer, user-agent and cookie
• Pages
• Directory listings

Information

Version: 1.0.1
Release Date: January 8, 2008
License: GPL v3
MD5 Sum: 1d722ce3948e797fcd79e44f1f9f4b13 sts-scanner.tar.gz

Documentation

Library interfaces can be found here
The tutorial can be found here

Downloads

Download this tool now
Download the tutorial now

© 2006 - 2008 Security Technology Science
ABN: 46 121 607 243

• Home
• Privacy Policy
• Contact Us

   Design by GetTemplate.com