This project aims to simplify the field of Dynamic Application Security Testing. The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nuclei, SkipFish, and Wapiti.
This software offers a user-friendly graphical interface which presents a comprehensive report for each scan, making the scanning process effortless and straightforward.
The main focus of this scanner is on web injection vulnerabilities such as SQL injection, XSS injection, OS command injection, XML injection, and many more. Additionally, it provides a list of vulnerabilities supported by each scanner, apart from injection vulnerabilities.
We offer two types of reports. The first is a consolidated report in JSON format, which includes important reports from each scanner. It contains details such as the vulnerability, the corresponding URL, the parameter used, the Curl command, the attack vector, a description of the vulnerability, and more.
The second report is an HTML file that specifically highlights successful injection attacks. Our results and decisions are based on a novel learning algorithm proposed in "A Meta-Scan based approach for the detection of injection vulnerabilities in Web applications" (University May 8, 1945 - Guelma, Computer Science Department. Presented by: SEYYID TAQY EDINE OUDJANI. Supervised by: DR. ABDELHAKIM HANNOUSSE. 2023): https://dspace.univ-guelma.dz/jspui/handle/123456789/15028
List of Main Vulnerabilities supported:
Installation has a specific set of requirements. This project is primarily supported on Kali Linux, but it can also be compatible with other operating systems:
ZAP:
Wapiti:
Skipfish:
Nikto:
Nuclei:
Python 3 * Libraries:
Optional requirements for more features:
(Note: Please note that I will be creating a bash script to automate the installation steps for Linux users as soon as possible.)
After cloning the repository to your local machine, you can initiate the application by executing the command python3 Metascan.py.
Then, you can navigate through the interface of the application.
A Docker image is available in the OSTEscaner directory. It is based on Kali Linux and needs an X server to display the Python GUI. On Linux, you probably already have one running; on Windows (including WSL), good OSS servers are vcxsrv or xming.
first export your display:
Linux: export DISPLAY=:0.0
Windows (wsl): export DISPLAY="$(grep nameserver /etc/resolv.conf | sed 's/nameserver //'):0"
then build & run the docker image:
docker build -t metascan .
docker run -e DISPLAY=$DISPLAY --network=host metascan
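The export, build and run steps above as one script. This is an added example, not part of the OSTE repository: pick_display and run_metascan are hypothetical helper names, and detecting WSL by the word "microsoft" in /proc/version is an assumption.

```shell
#!/bin/sh
# Added example (not OSTE project code): choose DISPLAY for the container,
# then build and run the image with the commands from the README.

# pick_display [KERNEL_VERSION_FILE] [RESOLV_CONF]
# Prints the DISPLAY value the README gives for the detected platform.
# Both arguments are hypothetical overrides so the function can be tested.
pick_display() {
    version_file=${1:-/proc/version}
    resolv_conf=${2:-/etc/resolv.conf}
    if grep -qi microsoft "$version_file" 2>/dev/null; then
        # WSL (assumed marker: "microsoft" in the kernel version string).
        # The X server (vcxsrv or xming) runs on the Windows host, which is
        # the first nameserver entry in resolv.conf.
        host=$(sed -n 's/^nameserver[[:space:]]*//p' "$resolv_conf" | head -n 1)
        [ -n "$host" ] || return 1
        printf '%s:0\n' "$host"
    else
        # Native Linux: local X server.
        printf ':0.0\n'
    fi
}

run_metascan() {
    DISPLAY=$(pick_display) || {
        echo "WSL detected but no nameserver entry found for DISPLAY" >&2
        return 1
    }
    export DISPLAY
    docker build -t metascan . || return 1
    # --network=host shares the host's network stack with the container;
    # that is how the GUI reaches the X server named in DISPLAY.
    docker run -e DISPLAY="$DISPLAY" --network=host metascan
}

# Only build and run when invoked with "run", so sourcing has no side effects.
if [ "${1:-}" = "run" ]; then
    run_metascan
fi
```

Save it in the OSTEscaner directory and invoke it with the argument run; if the GUI still cannot connect, the troubleshooting notes below apply.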
troubleshooting:
_tkinter.TclError: couldn't connect to display
error. As it is based on network communication, you may need to include your local IP address, e.g. export DISPLAY=192.168.100.5:0.0
, on Windows you may look for a tutorial on xming and install additional fonts.
Failed to fetch http://http.kali.org/
) just retry the build
We welcome contributions to enhance and improve this project.
either by donation:
or by your power of mind.
To contribute, please follow these guidelines:
Please note that all contributions will be reviewed by the project maintainers. We appreciate your effort and will do our best to provide timely feedback.
If you have any questions or need further clarification, feel free to reach out to us through the issue tracker or by contacting the project maintainers directly.
This project is under GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007.
This project is intended for educational purposes and aims to simplify the overall assessment of cybersecurity. However, we want to emphasize that we are not liable for any malicious use of this application. It is crucial that users of this software exercise responsibility and ethical behavior. We strongly recommend notifying the targets or individuals involved before utilizing this software.
LinkedIn: https://www.linkedin.com/in/oudjani-seyyid-taqy-eddine-b964a5228