View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007531 | Kali Linux | [All Projects] Queued Tool Addition | public | 2022-01-10 14:59 | 2022-05-04 12:55 |
| Reporter | m10x.de | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | acknowledged | Resolution | open | ||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0007531: Web Cache Vulnerability Scanner (WCVS) - fast and versatile CLI scanner for web cache poisoning | ||||
| Description | [Name] - Web Cache Vulnerability Scanner (WCVS) [Version] - 1.0.0 or newer if available [Homepage] - https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner [Download] - https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner/releases/latest [Author] - https://hackmanit.de/ [Licence] - Apache 2.0 [Description] - The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines. [Dependencies] - A standalone binary can be compiled with go [Similar tools] - The burp suite plugin "Param Miner" comes nearest to it, however doesn't support all features and web cache poisoning techniques that [Activity] - It is actively deployed and what started April 2021 [How to install] - Compile a binary yourself using go >= 1.16 or use a precompiled binary from the release page Go version >= 1.17: go install -v github.com/Hackmanit/[email protected] Go version <= 1.16: go get -u github.com/Hackmanit/Web-Cache-Vulnerability-Scanner [How to use] - What are some basic commands/functions to demonstrate it? Scan example.com for web cache poisoning using a specified header and parameter wordlist: wcvs -u https://example.com -hw "file:/home/user/Documents/wordlist-header.txt" -pw "file:/home/user/Documents/wordlist-parameter.txt" Generate a JSON report while scanning: wcvs -u https://example.com -hw "file:/home/user/Documents/wordlist-header.txt" -pw "file:/home/user/Documents/wordlist-parameter.txt" -gr Route the traffic through a proxy (e.g. Burp Suite) wcvs -u https://example.com -hw "file:/home/user/Documents/wordlist-header.txt" -pw "file:/home/user/Documents/wordlist-parameter.txt" -ppath /home/user/Documents/cacert.pem -purl http://127.0.0.1:8081 [Packaged] - No | ||||
|
|
@kali-team, please could this be packaged up. @author, If you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-01-10 14:59 | m10x.de | New Issue | |
| 2022-03-25 13:41 | g0tmi1k | Note Added: 0015938 | |
| 2022-03-25 13:41 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |
| 2022-05-04 12:54 | g0tmi1k | Status | new => acknowledged |
| 2022-05-04 12:55 | g0tmi1k | Summary | Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for web cache poisoning => Web Cache Vulnerability Scanner (WCVS) - fast and versatile CLI scanner for web cache poisoning |