Acunetix Web Vulnerability Scanner v9.0 for checking website security



Peace be upon you, and the mercy and blessings of God.
Gone are the days when we had to open an infected file or run an infected program for a virus, a trojan, spyware, or any of the other new and ever-changing names for dangers and threats, to spread.
Today it is enough to browse an infected site for your machine to get its share of those dangers.
Some of those sites are infected deliberately and on purpose, and some are themselves victims of a compromise by hackers or organized gangs.
Such sites often have to go offline until the damage is repaired, if that is possible at all.
There is no doubt that the sites most exposed to compromise are the ones with the weakest security, just like unsecured personal machines.
The solution is some means of scanning for vulnerabilities and producing a detailed report that identifies the weak areas and vulnerabilities present in a given site, so that they can be fixed and whatever needs updating can be updated.
Program:
Acunetix Web Vulnerability Scanner v9.0
Company:
Price:
Depends on the license type. What we have here is the top edition, the Consultant Edition: Unlimited Websites,
the unlimited one, priced at:
€ 4695, or the equivalent of $ 6350

The program can scan sites automatically, one after another, to detect vulnerabilities.

In depth checking for SQL Injection, Cross Site Scripting (XSS) and Other Vulnerabilities
In-depth checking for SQL injection, that is, the modifications hackers make to SQL commands in order to get at the data
in full

This kind of scan needs a powerful, highly complex engine like the program's, which checks in detail:
Which Vulnerabilities does Acunetix WVS Check for?

Acunetix WVS automatically checks for the following vulnerabilities among others:
Version Check
Vulnerable Web Servers
Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution”.
Web Server Configuration Checks
Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
Verify Web Server Technologies
Parameter Manipulation
Cross-Site Scripting (XSS) – over 40 different XSS variations are tested.
SQL Injection
Code Execution
Directory Traversal
File Inclusion
Script Source Code Disclosure
CRLF Injection
Cross Frame Scripting (XFS)
PHP Code Injection
XPath Injection
Path Disclosure (Unix and Windows)
LDAP Injection
****** Manipulation
Arbitrary File creation (AcuSensor Technology)
Arbitrary File deletion (AcuSensor Technology)
Email Injection (AcuSensor Technology)
File Tampering (AcuSensor Technology)
URL redirection
Remote XSL inclusion
MultiRequest Parameter Manipulation
Blind SQL/XPath Injection
File Checks
Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
Cross Site Scripting in URI
Checks for Script Errors
File Uploads
Unrestricted File uploads Checks
Directory Checks
Looks for Common Files (such as logs, traces, CVS)
Discover Sensitive Files/Directories
Discovers Directories with Weak Permissions
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
HTTP Verb Tampering
Text Search
Directory Listings
Source Code Disclosure
Check for Common Files
Check for Email Addresses
Microsoft Office Possible Sensitive Information
Local Path Disclosure
Error Messages
Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)
Weak Passwords
Weak HTTP Passwords
GHDB Google Hacking Database
Over 1200 GHDB Search Entries in the Database
Port Scanner and Network Alerts
Port scans the web server and obtains a list of open ports with banners
Performs complex network level vulnerability checks on open ports such as:
DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
Security and configuration checks for badly configured proxy servers
Checks for weak SNMP community strings and weak SSL cyphers
and many other network level vulnerability checks!
Other web vulnerability checks
Cross-site request forgery (CSRF)
Other vulnerability tests may also be performed using the advanced penetration testing tools provided, including:
Input Validation (also performed automatically)
Authentication attacks (also performed automatically)
Buffer overflows
Blind SQL injection (also performed automatically)
Sub domain scanning
AcuSensor Technology – identify more vulnerabilities with less false positives

Extensive, high-quality scanning with the fewest possible false alarms, using a powerful engine able to pinpoint where the danger lies.
It gives you the location of the error in the source code and how to fix it (debug information).


Example of a report showing a threat

Example of a PHP code injection threat
Port Scanner and Network Alerts: port scanning and network threats


Detailed reports enable you to meet Legal and Regulatory Compliance
Detailed reports

Advanced penetration testing tools included
Advanced additional tools

They include:
HTTP Editor - With this tool you can easily construct HTTP/HTTPS requests and analyze the web server response.
HTTP Sniffer - Intercept, log and modify all HTTP/HTTPS traffic and reveal all data sent by a web application
HTTP Fuzzer - Performs sophisticated testing for buffer overflows and input validation. Test thousands of input variables with the easy to use rule builder of the HTTP fuzzer. Tests that would have taken days to perform manually can now be done in minutes.
Blind SQL Injector - Ideal for penetration testers, the Blind SQL injector is an automated database data extraction tool that is perfect for making manual tests that allow further testing for SQL injections.
Create custom attacks or modify existing ones with the Web Vulnerability Editor
Scan AJAX and Web 2.0 technologies for vulnerabilities

The CSA (client script analyzer) engine scans complex AJAX / Web 2.0 applications to detect threats
Test password protected areas and web forms with Automatic HTML form filler
It scans pages that require a password, which traditional programs are unable to do

Acunetix Web Vulnerability Scanner is able to automatically fill in web forms and authenticate against web logins. Most web vulnerability scanners are unable to do this or require complex scripting to test these pages. Not so with Acunetix: Using the macro recording tool you can record a logon or form filling process and store the sequence. The scanner can then replay this sequence during the scan process and fill in web forms automatically or logon to password protected areas.
Analyzes your site against the Google Hacking Database

which is used by hackers
The Google Hacking Database (GHDB) is a database of queries used by hackers to identify sensitive data on your website such as portal logon pages, logs with network security information, and so on. Acunetix launches the Google hacking database queries onto the crawled content of your web site and identifies sensitive data or exploitable targets before a “search engine hacker” does.
The program is easy to use: when you open it, a screen appears where you can enter the address of the site you want to scan.

https://mega.co.nz/#!9A1SwZgT!BeVwNV1VU9ZhH-EMXqcsiYJBeB--kJ_JGI2PDq9jcJY

All rights reserved ©2012-2013. Copying without permission is prohibited.
