Introduction to AWVS
AWVS is an automated web application security testing tool that scans any website or web application that is accessible through a web browser and follows HTTP/HTTPS rules. It is suited to the intranets, extranets and websites that small, medium and large enterprises run for customers, employees, manufacturers and others. AWVS audits the security of web applications by checking for vulnerabilities such as SQL injection and cross-site scripting (XSS).
AWVS function introduction
- WebScanner: core function, web security vulnerability scanning (depth, width, limit 20)
- Site Crawler: Site crawling, traversing the site directory structure
- Target Finder: Host discovery, finds the hosts with ports 80 and 443 open on a given network segment
- Subdomain Scanner: Subdomain scanner, using DNS queries
- Blind SQL Injector: Blind Injection Tool
- HTTP Editor: HTTP protocol packet editor
- HTTP Sniffer: HTTP protocol sniffer (fiddler, wireshark, bp)
- HTTP Fuzzer: Fuzzing Tool (bp)
- Authentication Tester: Web authentication cracking tool
Installation of AWVS
Download address: Baidu network disk
Link: https://pan.baidu.com/s/1mH0SOaDeElZ_NTuK2NSArw
Extraction code: zgqq
After decompressing the archive on Windows, copy the AWVS installation package to the root directory of the Kali system.
Configure awvs13-linux directory access permissions
sudo chmod 755 ./awvs13-linux/
Enter the awvs13-linux directory and give execute permission to all files in this directory
cd awvs13-linux
sudo chmod +x *
Run the acunetix_13.0.200217097_x64_.sh script
sudo ./acunetix_13.0.200217097_x64_.sh
Press Enter
Type q
Type yes
Then enter IP: 127.0.0.1, account and password
Note: The password must contain one lowercase letter, one uppercase letter, Chinese numbers and special symbols.
After the installation is complete, the access address is generated automatically.
Enter the following two commands at the command line before logging in to crack the activation.
sudo cp -rf wvsc /home/acunetix/.acunetix/v_200217097/scanner/
sudo cp -rf license_info.json /home/acunetix/.acunetix/data/license/
Access via browser.
Use of AWVS
It is very simple to operate, much like the Nessus tool.
Click Scan, click New Scan, then enter the URL or IP to start scanning. Here the DC-4 practice target is used as an example.
After the scan is complete, open the vulnerabilities view to see the vulnerabilities that the scan found.
At the same time, we can export the scanned results in the form of reports.