Auto Web Application Penetration Testing: Vulnerability Scanning

On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning.

  1. Run Auto-WebApp-PenTest.sh script, choose option 2
  2. All tools on this option will use “result.txt” file that you found on Intelligence Gathering phare.

    This script try to find all input on target website that you can “control” this input. All input will be save on target_domain.txt file

  3. Auto running all tools agains this url (sqlmap for finding sqli, xss scan for finding xss, lfi scan for finding lfi, server side tamplate injection, javascript vulerability and more…)                                                                                         Scanning sql,lfi, xss, javascript vulnerability                                                                                       Scanning SSTI, SQLi…

DEMO

https://www.youtube.com/watch?v=nYmNnI-4pbQ