New Module (July 23): Virtual Penetration Testing

🚀 New Module Release 

We’ve just dropped a new module: Virtual Penetration Testing

🌟 New Features:

Dashboard

  • Total Vulnerabilities Detected
  • Severity Gauge 
  • Penetration Activity
  • Penetration Graph
  • Top Vulnerabilities Detected
  • Recent Penetration Test
  • Top Exploitable Assets

Limitation: Widget currently not clickable.

Penetration Test Page

  • List of Scans
  • New Scan Button

New Scan: Users can successfully add a new scan

Limitation: 
1) Only "One Time" setting can be selected for Set Frequency 
2) Only "Now" setting can be selected for Start Time

Specific Scan Details

Known Issues:

  • Actual progress percentage of the scan

Type of Attack Information: The tool performs only the basic functionality of each attack listed below. The Wapiti tool is currently being used.

  • Only a limited set of attack types is supported:
    • backup (Search copies of scripts and archives on the web server)
    • brute_login_form (Brute Force login form using a dictionary list)
    • buster (DirBuster like module)
    • cms (Scan to detect CMS and their versions)
    • cookieflags (Checks Secure and HttpOnly flags)
    • crlf (CR-LF injection in HTTP headers)
    • csp (Detect lack of CSP or weak CSP configuration)
    • csrf (Detects forms not protected against CSRF or using weak anti-CSRF tokens)
    • exec (Code execution or command injection)
    • file (Path traversal, file inclusion, etc)
    • htaccess (Misconfigured htaccess restrictions)
    • htp (Identify web technologies used, via the HashThePlanet database)
    • xss (XSS injection module)
    • upload (File upload vulnerabilities)
    • nikto (Look for known vulnerabilities by testing URL existence and checking responses)
