This test performs a basic reconnaissance and initial analysis of the target website. It fetches the page content, checks for directory listings, common error messages (e.g., SQL errors), and analyzes server banners and `robots.txt` for publicly exposed information.
Attempts to detect SQL Injection vulnerabilities by sending malicious SQL queries through common input parameters. It checks for database error messages or changes in application behavior that indicate successful injection.
Probes for Cross-Site Scripting (XSS) vulnerabilities by injecting malicious scripts into input fields and analyzing the page's response or behavior. It looks for reflection of the script or execution in the client-side context.
Leverages the `testssl.sh` tool to perform a comprehensive analysis of the target's SSL/TLS configuration. It checks for supported protocols, cipher suites, certificate validity, and known SSL/TLS vulnerabilities (e.g., Heartbleed, POODLE, DROWN). This is a thorough and potentially long-running test.
Analyzes the HTTP response headers of the target URL for the presence and correct configuration of common security-related headers, such as HSTS, X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy. Missing or misconfigured headers can expose the application to various client-side attacks.
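Added example, not code from the page or from the VAPT tool it describes: a checker for the headers named above (HSTS, X-Frame-Options, X-Content-Type-Options, Content-Security-Policy), run over two constructed header sets. The severity labels, the one-year HSTS threshold and the CSP rules are assumptions chosen for illustration.

```python
"""Evaluate one HTTP response's headers for the common security headers.
Added example; thresholds, severities and sample headers are assumptions."""

HSTS_MIN_MAX_AGE = 31536000  # assumption: one year, a commonly recommended floor


def _parse_hsts(value):
    # "max-age=300; includeSubDomains" -> {"max-age": "300", "includesubdomains": ""}
    out = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.lower()] = val.strip()
    return out


def _parse_csp(value):
    # "default-src 'self'; script-src cdn" -> {"default-src": ["'self'"], "script-src": ["cdn"]}
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def analyze_security_headers(headers):
    """Return findings as (severity, message) tuples for a dict of response headers.
    Header names are compared case-insensitively, as HTTP field names are."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # HSTS: present, with a long enough max-age and subdomain coverage
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("medium", "Strict-Transport-Security missing"))
    else:
        d = _parse_hsts(hsts)
        max_age = int(d["max-age"]) if d.get("max-age", "").isdigit() else -1
        if max_age < HSTS_MIN_MAX_AGE:
            findings.append(("low", "HSTS max-age below one year"))
        if "includesubdomains" not in d:
            findings.append(("info", "HSTS lacks includeSubDomains"))

    # MIME sniffing: only the literal value 'nosniff' counts
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("low", "X-Content-Type-Options is not 'nosniff'"))

    # Framing: either X-Frame-Options or a CSP frame-ancestors directive must be set
    csp = _parse_csp(h["content-security-policy"]) if "content-security-policy" in h else None
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and not (csp and "frame-ancestors" in csp):
        findings.append(("medium", "No clickjacking protection (X-Frame-Options / frame-ancestors)"))

    # CSP: present, and the effective script policy must not be trivially permissive
    if csp is None:
        findings.append(("medium", "Content-Security-Policy missing"))
    else:
        script_sources = csp.get("script-src", csp.get("default-src"))
        if script_sources is None:
            findings.append(("low", "CSP sets neither script-src nor default-src"))
        elif {"'unsafe-inline'", "*"} & set(script_sources):
            findings.append(("medium", "CSP script policy allows 'unsafe-inline' or '*'"))

    return findings


# Constructed sample responses (not captured from any real site)
WEAK_HEADERS = {
    "Server": "ExampleServer/1.0",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
}

HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        result = analyze_security_headers(hdrs)
        print(f"{name}: {len(result)} finding(s)")
        for severity, message in result:
            print(f"  [{severity}] {message}")
```

The weak set produces five findings (short HSTS max-age, no includeSubDomains, no nosniff, no framing control, permissive script policy) while the hardened set produces none. Treating a missing X-Frame-Options as acceptable when CSP carries frame-ancestors mirrors how browsers actually resolve the two controls.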
Performs passive information gathering on the target. This includes checking DNS records, analyzing `robots.txt` for disallowed paths, and identifying potential subdomains or exposed services.
Attempts to detect CSRF vulnerabilities by simulating an attack where a malicious website forces a user's browser to perform an unwanted action on a trusted site. It checks for the presence and proper validation of CSRF tokens.
Checks for Open Redirect vulnerabilities, where an application allows a user to be redirected to an arbitrary external URL by manipulating a parameter. This can be exploited for phishing attacks.
Probes for Directory Traversal (Path Traversal) vulnerabilities by attempting to access files and directories outside of the intended web root using sequences like `../` (dot-dot-slash) in URL parameters.
Attempts to identify unintended exposure of sensitive data (e.g., API keys, database credentials, PII) in publicly accessible files, response bodies, or misconfigured resources. This test is generally heuristic and might require manual verification.
Simulates a token replay attack by attempting to reuse authentication or session tokens multiple times to gain unauthorized access, checking whether the application properly invalidates tokens after a single use or after expiry.
Tests for session fixation vulnerabilities by trying to force a user into a known session ID before they log in. It checks if the application generates a new session ID after successful authentication.
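Added example, not code from the page or from the tool it describes: a minimal in-memory session store with two login routines, one that keeps the pre-authentication session ID and one that issues a fresh ID on login, alongside the check described above, which compares the session ID before and after authentication and confirms the old ID no longer carries the authenticated identity. All names and the store layout are assumptions for illustration.

```python
"""Session fixation: vulnerable and rotating login handlers with the check that
distinguishes them. Added example; the store and handler names are assumptions."""
import secrets


class SessionStore:
    """Server-side session table: session_id -> {"user": username or None}."""

    def __init__(self):
        self.sessions = {}

    def new_session(self):
        sid = secrets.token_urlsafe(32)  # unguessable ID; the fixation risk is reuse, not guessability
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def login_keeps_session(store, sid, user):
    """Fixation-prone: authenticates inside whatever session the client presented,
    so an ID planted in the victim's browser before login becomes an authenticated one."""
    if sid not in store.sessions:
        return None
    store.sessions[sid]["user"] = user
    return sid


def login_rotates_session(store, sid, user):
    """Hardened: discards the pre-authentication session and binds the user to a new ID."""
    if sid not in store.sessions:
        return None
    store.sessions.pop(sid)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = user
    return new_sid


def session_id_rotates_on_login(store, login, user="alice"):
    """The check: obtain an unauthenticated session, log in with it, then require
    both a different ID afterwards and that the old ID no longer maps to the user."""
    pre_login_sid = store.new_session()
    post_login_sid = login(store, pre_login_sid, user)
    if post_login_sid is None:
        return False
    old_id_still_authenticated = store.user_for(pre_login_sid) == user
    return post_login_sid != pre_login_sid and not old_id_still_authenticated


if __name__ == "__main__":
    for name, handler in (("keeps session", login_keeps_session),
                          ("rotates session", login_rotates_session)):
        verdict = "pass" if session_id_rotates_on_login(SessionStore(), handler) else "FAIL"
        print(f"{name}: {verdict}")
```

Checking that the old ID is dead, not merely that a new one was issued, matters: a handler that creates a fresh ID but leaves the original mapped to the user would still pass a naive comparison while remaining exploitable.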
A conceptual test that attempts common multi-factor authentication (MFA) bypass techniques, such as trying to access protected resources directly after supplying only the first factor, or guessing common OTPs.
Similar to the SSL/TLS Configuration Check, this test specifically looks for misconfigurations in TLS settings, such as weak cipher suites, outdated TLS versions, or improper certificate chaining, which could lead to man-in-the-middle attacks.
Probes for missing or ineffective rate limiting mechanisms on login forms, API endpoints, or other critical functions by sending a high volume of requests. It identifies if brute-force or enumeration attacks are feasible.
Tests for mass assignment vulnerabilities by attempting to submit unintended or sensitive parameters (e.g., 'isAdmin', 'role', 'price') in a legitimate request to see if the application processes them, potentially leading to privilege escalation or data manipulation.
For detailed reports and deeper analysis, please use the main VAPT Explorer interface.