The following beta quality passive scan rules are included in this add-on:
This reports any cookies that do not have the SameSite attribute or that do not have a recognised valid value for that attribute.
Passively scans responses for cross-domain misconfigurations that relax the browser's Same Origin Policy. The current implementation looks for excessively permissive CORS headers.
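As an added illustration of the two rules just described (this is example code written for this page, not the add-on's own implementation), the following script runs a SameSite check over a list of Set-Cookie headers and a CORS check over a response header map. The sample headers are constructed, and the exact conditions treated as "excessively permissive" here (a wildcard origin, or a reflected request origin combined with credentials) are this example's assumptions rather than the rule's exact logic.

```python
"""Added example (not ZAP's own code): a minimal passive check in the spirit of the
SameSite-cookie and cross-domain-misconfiguration rules, run over constructed headers."""
from typing import Dict, List, Optional

VALID_SAMESITE = {"strict", "lax", "none"}


def check_samesite(set_cookie_headers: List[str]) -> List[str]:
    """One finding per cookie whose SameSite attribute is missing or not a recognised value."""
    findings = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0].strip()
        samesite: Optional[str] = None
        for attr in parts[1:]:
            key, _, value = attr.partition("=")
            if key.strip().lower() == "samesite":
                samesite = value.strip().lower()  # "" when written as a bare "SameSite"
        if samesite is None:
            findings.append(f"cookie {name!r}: SameSite attribute missing")
        elif samesite not in VALID_SAMESITE:
            findings.append(f"cookie {name!r}: unrecognised SameSite value {samesite!r}")
    return findings


def check_cors(headers: Dict[str, str], request_origin: Optional[str] = None) -> List[str]:
    """Flag CORS headers that relax the Same Origin Policy too far.

    Header names are matched case-insensitively. What counts as too permissive
    is an assumption of this example, not the add-on's exact rule.
    """
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    acao = lower.get("access-control-allow-origin")
    credentials = lower.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if acao == "*":
        findings.append("Access-Control-Allow-Origin: * lets any origin read this response")
    elif acao and request_origin and acao == request_origin and credentials:
        # A server that echoes whatever Origin it receives, with credentials allowed,
        # grants every origin authenticated read access to the response.
        findings.append(f"request Origin {request_origin!r} reflected with credentials allowed")
    return findings


# Constructed sample response: two cookies to flag, one acceptable, plus a wildcard CORS policy.
SAMPLE_SET_COOKIE = [
    "session=abc123; Path=/; HttpOnly; Secure",
    "pref=dark; SameSite=Lax",
    "track=42; SameSite=Loose",
]
SAMPLE_HEADERS = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "*",
}


def run_checks() -> List[str]:
    """Run both checks against the constructed sample and return every finding."""
    return check_samesite(SAMPLE_SET_COOKIE) + check_cors(SAMPLE_HEADERS)


if __name__ == "__main__":
    for finding in run_checks():
        print("WARN", finding)
```

Running the script prints three findings: the `session` cookie has no SameSite attribute, the `track` cookie carries the unrecognised value `Loose`, and the response allows any origin. A cookie written with a bare `SameSite` token and no value is reported as an unrecognised (empty) value, which matches the "no recognised valid value" wording of the rule.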
Attempts to identify the existence of sensitive details within the visited URIs themselves (this may include parameters, document names, directory names, etc.).
Identifies the existence of sensitive details within the Referrer header field of HTTP requests (this may include parameters, document names, directory names, etc.).
Analyzes web content to identify comments which contain potentially sensitive details, which may lead to further attack or exposure of unintended data.
This checks response headers for the presence of X-Powered-By details.
Searches response content for HTML forms which fail to specify an action attribute. Version 3 of the Java Servlet spec calls for aggregation of query string and post data elements, which may result in unintended handling of user controlled data. This may impact other frameworks and technologies as well.
A timestamp was disclosed by the application/web server.
If any context contains defined users this scanner checks all responses for the presence of hashed values representing those usernames. Discovery of any such value may represent an Insecure Direct Object Reference (IDOR) vulnerability. Alerts are only raised as informational items as further manual testing is required in order to confirm and assess impact.
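The hashed-username rule above can be illustrated with a small standalone check. This is example code added for this page, not the add-on's implementation: it hashes each user name known to the context with a handful of common digest algorithms (the algorithm list is an assumption of the example, not the rule's) and reports, as informational items, any hex digest that appears in a response body. The response body and user list are constructed inline.

```python
"""Added example (not ZAP's own code): look for hashed forms of known user names in a
response body, in the spirit of the hashed-username passive scan rule."""
import hashlib
from typing import Dict, List, Tuple

# Assumption of this example: which digests to try. The add-on's own list may differ.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests_for(username: str) -> Dict[str, str]:
    """Map algorithm name to the lowercase hex digest of the user name."""
    return {algo: hashlib.new(algo, username.encode("utf-8")).hexdigest() for algo in ALGORITHMS}


def scan_for_hashed_users(body: str, usernames: List[str]) -> List[Tuple[str, str, str]]:
    """Return (username, algorithm, digest) for each hashed user name found in body.

    Matching is case-insensitive because applications often emit hex digests in
    upper case. A hit is informational only: manual follow-up is needed to decide
    whether the value is actually used as an object reference.
    """
    haystack = body.lower()
    hits = []
    for user in usernames:
        for algo, digest in digests_for(user).items():
            if digest in haystack:
                hits.append((user, algo, digest))
    return hits


# Constructed sample: users defined in a context, and a page that embeds the MD5 of
# one of them as a record identifier (upper-cased to exercise the case folding).
CONTEXT_USERS = ["alice", "bob"]
SAMPLE_BODY = (
    '<a href="/profile?id=' + hashlib.md5(b"alice").hexdigest().upper() + '">Profile</a>'
    '<a href="/profile?id=4d2f">Other</a>'
)

if __name__ == "__main__":
    for user, algo, digest in scan_for_hashed_users(SAMPLE_BODY, CONTEXT_USERS):
        print(f"Informational: {algo} digest of user {user!r} found in response ({digest})")
```

The check only fires when a full digest string is present, so short hexadecimal identifiers such as `4d2f` in the sample do not produce noise; a real rule would typically also look for encoded variants of the digests, which this example leaves out.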
This checks response headers for the presence of X-AspNet-Version/X-AspNetMvc-Version details.
This checks response headers for the presence of X-Debug-Token and X-Debug-Token-Link details, which indicate the use or exposure of Symfony's Profiler. Symfony's Profiler provides access to a significant amount of information of interest to malicious individuals and Security Testers.