Automatically detects SQL injection, cross site scripting and other web vulnerabilities
SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitor´s browser. Acunetix Web Vulnerability Scanner can check if your web application is vulnerable to both of these attacks. More information about SQL injection and cross site scripting at the Acunetix web site security centre.
Other detected Web Vulnerbilities
- CRLF injection attacks
- Code execution attacks
- Directory traversal attacks
- File inclusion attacks
- Authentication attacks
Detects Google hacking vulnerabilities
Google hacking is the term used for a hacker trying to find exploitable targets and sensitive data by entering queries in search engines. The Google Hacking Database (GHDB) contains queries that identify sensitive data such as portal logon pages, logs with network security information, and so on. Acunetix launches all the Google hacking database queries onto the crawled content of your web site, to find any sensitive data or exploitable targets before a “search engine hacker” does. The Google hacking feature is a unique, industry-first feature.
Extend attacks with the HTTP editor & sniffer
With the HTTP editor, you can construct HTTP/HTTPS requests and analyze the web server responses. Use it to perform custom SQL injection and cross site scripting attacks. With the HTTP sniffer you can log, intercept and modify all HTTP/HTTPS traffic, giving you an in-depth insight into what data your web application is sending.
HTTP fuzzer – Automated, rule based variable testing
The HTTP fuzzer tool allows you to create rules to automatically test for buffer overflows & input validation. For example, using the HTTP fuzzer you could create a rule which replaces the variable part in a URL (e.g.http://test.acunetix.com/listproducts.php?cat=1 with the numbers 1 – 999. This way you could launch a 1000 queries, only checking meaningful results, saving a great deal of time compared to manual testing.
Crawl password protected areas
Acunetix Web Vulnerability Scanner can be configured to scan password protected sections of the website with one or more user/password combinations. Using the login sequence tool, which works similarly to a macro recorder, one can easily configure the path the scanner must crawl, including links it should not follow, such as a logout link.
Automatic HTML form filler
The HTML form filler allows you to configure different inputs that you want the web scanner to give when it encounters an HTML form. This way you can automatically test how your website behaves for different types of inputs.
- Test password strength of login pages by launching a dictionary attack
- Report Generator: Creates reports specifying the vulnerabilities detected and suggests what can be done to resolve them.
- Create custom web attack & check or modify existing ones with the Vulnerability editor
- Supports all major web technologies, including ASP, ASP.NET, PHP and CGI
- Use different scanning profiles to scan websites with different identity and scan options
Compare scans & find differences with previous scans and discover new vulnerabilities
- Easily re-audit website changes
- Crawl & interpret Flash files
- Automatic Custom error page detection
- Discovers directories with weak permissions
- Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE) and inspects the HTTP version banners for vulnerable products.
Windows 2000/2003 or Windows XP, Internet Explorer 5.1 or higher, MS SQL Server/Access if database is enabled, 200MB of hard disk space.