OSTE-Meta-Scanner: A comprehensive web vulnerability scanner


OSTE-Meta-Scanner

This project aims to simplify the field of Dynamic Application Security Testing. The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, OWASP ZAP, Nuclei, SkipFish, and Wapiti.

This software offers a user-friendly graphical interface which presents a comprehensive report for each scan, making the scanning process effortless and straightforward.

The main focus of this scanner is on web injection vulnerabilities such as SQL injection, XSS injection, OS command injection, XML injection, and many more. Additionally, it provides a list of vulnerabilities supported by each scanner, apart from injection vulnerabilities.

We offer two types of reports. The first is a consolidated report in JSON format, which includes important reports from each scanner. It contains details such as the vulnerability, the corresponding URL, the parameter used, the Curl command, the attack vector, a description of the vulnerability, and more.

The second report is an HTML file that specifically highlights successful injection attacks. Our results and decisions are based on a novel learning algorithm proposed in “A Meta-Scan based approach for the detection of injection vulnerabilities in Web applications” (University May 8, 1945, Guelma, Computer Science Department. Presented by: SEYYID TAQY EDINE OUDJANI. Supervised by: DR. ABDELHAKIM HANNOUSSE. 2023).

Features

List of Main Vulnerabilities supported:

  1. Injection
     • SQL injection
     • Cross-site scripting
     • OS command injection
     • XML injection
     • XSLT injection
     • XML External Entities
     • Code injection
     • Host header injection
     • HTML injection
     • Template injection (server-side)
     • CRLF injection
     • OGNL injection
  2. Other vulnerabilities (refer to the repository of each scanner for a complete list)
     • Skipfish Vulnerabilities support List.
     • Wapiti Vulnerabilities support List.
     • OWASP ZAP Active Attack list.
     • Nikto Vulnerabilities support List (Specified: Tuning 9 & 4).
     • Nuclei CVE-Template.

Install & Use

Copyright (C) 2024 OSTEsayed