evyatarmeged / Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning
MIT License
3.07k stars, 396 forks

Expand the owasp branch with more web application attacks/scans #28

Open evyatarmeged opened 5 years ago

evyatarmeged commented 5 years ago

I started coding some attacks/scans into Raccoon - this is done in the owasp branch. This is supposed to broaden its vulnerability scanning abilities and help it assist with areas it is not addressing fully at the moment.

I have coded most/all of the directory traversal module but I currently have no time to add more scans and attacks from the web application world, let alone write unit tests for the existing ones.

I'd love to get assistance on this, from simple suggestions in this issue to proper PRs - everything is appreciated.

On a side note, I started working on an XSS module as part of this branch but decided to drop it. I don't believe XSS is a good fit for an automated scan. XSS is something that is best done manually - with implications being observed by the attacker immediately, while detecting them using an automated tool is a lot harder and can have a ton of false positives/negatives.

murksombra commented 4 years ago

Still want some help? I just faced this tool and it seems that no big updates have been done since 2018 :thinking: Are you trying to implement attacks/tests for the OWASP Top Ten?

evyatarmeged commented 4 years ago

> Still want some help? I just faced this tool and it seems that no big updates have been done since 2018 :thinking: Are you trying to implement attacks/tests for the OWASP Top Ten?

Sure! I really can't find the time to invest in the project (or any others tbh) but I would love for you to contribute. What did you have in mind?

murksombra commented 4 years ago

I was thinking of continuing your efforts in implementing the remainder of the OWASP Top 10. Which of these have you covered?

evyatarmeged commented 4 years ago

> I was thinking of continuing your efforts in implementing the remainder of the OWASP Top 10. Which of these have you covered?
>
> * [ ] Injection
> * [ ] Broken Authentication
> * [ ] Sensitive Data Exposure
> * [ ] XML External Entities (XXE)
> * [ ] Broken Access Control
> * [ ] Security Misconfiguration
> * [ ] Cross-Site Scripting (XSS)
> * [ ] Insecure Deserialization
> * [ ] Insufficient Logging & Monitoring

Honestly, I didn't get around to finishing any of the above. The project started as a recon tool with a plan to expand further later. You can prioritize the top 10 as you see fit. I would prefer starting with things that are not covered thoroughly in other tools (like XSS and Injection which there are plenty of other solutions for).