WAVS: Web App Vulnerability Scanner [CS416 (Foundations of Network Security and Cryptography) Project]
tezansahu/WAVS

WAVS: Web App Vulnerability Scanner

Course Project for CS416 (Foundations of Network Security and Cryptography)

Overview

WAVS (Web App Vulnerability Scanner) is a tool to scan & test URLs for certain vulnerabilities & security issues by simply inspecting the corresponding client-side website. The overall system would include a virtual server with modules for detecting the different vulnerabilities, along with a proxy server, to direct requests from a browser to the virtual server first while visiting a website. The proxy could warn the user before redirecting to the website if some vulnerabilities are found during the scan done by our virtual server.

WAVS Overview

We intend to identify & assess the following security issues that a website may suffer from:

  • Absence of Valid TLS Certificates
  • Cross-Site Scripting (XSS)
  • Potential Phishing Attempts
  • Open Redirection

System Architecture

WAVS System Architecture

Usage

  1. Fire up a terminal, clone this repository using git clone https://github.com/tezansahu/WAVS.git & cd into it

  2. Start the WAVS server using the following steps (Python 3 required):

    $ cd server
    $ pip install -r requirements.txt        # Install all the packages required for running the server
    $ python main.py

    This will start the WAVS virtual server at https://localhost:9000

  3. Fire up another terminal & start the WAVS proxy using the following steps (Node.JS required):

    $ cd proxy
    $ npm i          # Install the packages necessary to run the proxy
    $ node wavs_proxy.js

    This will start the WAVS proxy at https://localhost:8000 with default settings (full scan). To start the proxy for a selective scan, use the following:

    # Perform only SSL/TLS Certificate checking & XSS detection
    $ node wavs_proxy.js --scan selective --tls_cert --xss

    # Perform only Phishing & Open Redirect detection
    $ node wavs_proxy.js --scan selective --phishing --open_redirect

  4. Now open a browser & type http://localhost:8000/ in the address bar. This will open up the WAVS landing page which should look as follows:

    Landing Page Image

  5. To perform a scan for any URL, just append /<URL> to the proxy address in the address bar.

    For example, if you wish to perform a scan for https://google.co.in, the contents of the address bar should look like: http://localhost:8000/https://google.co.in

    WAVS will perform the scan within 10-20 s & return a dashboard containing the details of the potential vulnerabilities present in the website.

WAVS Dashboard

After performing a scan, WAVS displays a dashboard containing details about the various vulnerabilities. Following are the results of a scan performed on https://bugslayers-cs416-open-redirect.herokuapp.com/

Vulnerable (Dummy) Website

To demonstrate the full capacity of WAVS at once, we created a dummy website, with some inherent vulnerabilities that WAVS can detect:

  • Open Redirect vulnerability was introduced by allowing redirects to any URL if mentioned as the ?url= query parameter in the address
  • Cross-Site Scripting has been introduced through a small vulnerable form, which allows JavaScript code input & executes it on the browser
  • Since the website was recently deployed & has very few backlinks, it ranks low on PageRank & Alexa, so it may be considered potentially phishy as well
  • The certificate chain has an issue with the signature algorithm of one of the SSL certificates, so the SSL certificate verification also fails

The website was developed using express (Node.js) & deployed on Heroku. It can be accessed at: https://bugslayers-cs416-open-redirect.herokuapp.com/
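As an added example (not code from the WAVS repository or its dummy site), the open-redirect pattern from the first bullet above is shown beside a hardened resolver that only follows same-origin paths or explicitly allow-listed hosts. It is framework-free so it runs under plain Node; an Express handler would pass `req.query` in and call `res.redirect()` on the result. `SITE_ORIGIN`, `example.test`, `evil.test` and `partner.test` are assumed placeholder values.

```javascript
// Placeholder for the site's own origin (assumed value, not the dummy site's real host).
const SITE_ORIGIN = 'https://example.test';

// Vulnerable form: whatever arrives in ?url= becomes the redirect target,
// so a link such as /?url=https://evil.test sends the visitor off-site.
function vulnerableRedirectTarget(query) {
  return query.url; // attacker-controlled, may point anywhere
}

// Hardened form: resolve the parameter against our own origin and accept it
// only if it stays on this origin or lands on an allow-listed host.
// Anything else falls back to '/'.
function safeRedirectTarget(query, allowedHosts = []) {
  const raw = query.url;
  // Missing value, or an array from a repeated ?url=&url= parameter, is rejected.
  if (typeof raw !== 'string' || raw.length === 0) return '/';
  // WHATWG URL parsing (and browsers) treat "\" like "/" for http(s),
  // so "/\evil.test" would become "//evil.test"; reject it up front.
  if (raw.includes('\\')) return '/';

  let target;
  try {
    // Resolving against SITE_ORIGIN turns relative paths into same-origin URLs
    // and exposes the real host of protocol-relative input such as "//evil.test".
    target = new URL(raw, SITE_ORIGIN);
  } catch (e) {
    return '/'; // unparseable input
  }

  // Only web schemes may be followed; this blocks javascript:, data:, etc.
  if (target.protocol !== 'https:' && target.protocol !== 'http:') return '/';
  // Credentials in the URL ("https://example.test@evil.test") are a classic
  // way to make a foreign host look like ours; refuse them outright.
  if (target.username || target.password) return '/';

  const allowed = target.origin === SITE_ORIGIN || allowedHosts.includes(target.hostname);
  return allowed ? target.href : '/';
}
```

The returned value is an absolute URL in normalised form, so the redirect that actually happens is exactly the one that was checked.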

The code for this website can be found here.

Reports


Created with ❤️ by Tezan Sahu, Shreya Laddha, Saavi Yadav & Amol Shah