Web Cache Vulnerability Scanner v1.0.1 releases: CLI tool for testing for web cache poisoning

Web Cache Vulnerability Scanner

Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit.

The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines.

Features

• Support for 9 web cache poisoning techniques:
  1. Unkeyed header poisoning
  2. Unkeyed parameter poisoning
  3. Parameter cloaking
  4. Fat GET
  5. HTTP response splitting
  6. HTTP request smuggling
  7. HTTP header oversize (HHO)
  8. HTTP meta character (HMC)
  9. HTTP method override (HMO)
• Analyzing a web cache before testing and adapting to it for more efficient testing
• Generating a report in JSON format
• Crawling websites for further URLs to scan
• Routing traffic through a proxy (e.g., Burp Suite)
• Limiting requests per second to bypass rate limiting

Usage

WCVS is highly customizable using its flags. Many of the flags can either contain a value directly or the path to a file.

The only mandatory flag is -u/–url to provide the target URL which should be tested for web cache poisoning. The target URL can be provided in different formats,

WCVS needs two wordlists in order to test for the first 5 techniques – one wordlist with header names and one with parameter names. The wordlists can either be present in the same directory WCVS is executed from or specified using the –headerwordlist/-hw and –parameterwordlist/-pw flags.

Changelog v1.0.1

Readme: install methods

• fixed install option 2 – fetch repository using go (Thanks to @hahwul) 218f0af
• added install option 3 – docker (Thanks to @hahwul) 218f0af 9fd92dc 5f5d58b

web cache poisoning techniques

• improved HTTP Method Override DOS technique: added more HTTP request methods f4ca674
• added new DOS variant: X-Forward-Scheme c7b3b7c
• added new DOS variant: Set User-Agent to a probable blacklisted security scanner f17e0f5
• added new DOS variant: DOS via illegal header name (currently disabled, because of limitations of the go net/http module) 79ea4c5 b15374e

bug fixes

• fixed rate limiting bug rate Wait: rate: Wait(n=1) exceeds limiter's burst 0 ddfe105
• added missing string 9856114

minor improvements

• converting OnlyTest and SkipTest Value to lowercase cc1c14f
• improved header/parameter wordlist and other file read error messages 7d3f09d
• added check if proxy cert could be added 150090c
• typo fix d1dfcca

miscellaneous

• added bash script to generate binaries and sha256 sums 9ada6c8
• changed go module from /v2 to / afedc51
• upgraded golang.org/x/net from v0.0.0-20211020060615-d418f374d309 to v0.0.0-20220107192237-5cfca573fb4d afedc51
• upgraded golang.org/x/time from v0.0.0-20210723032227-1f47c861a9ac to v0.0.0-20211116232009-f0f3c7e86c11 afedc51

Download & Tutorial