1
00:00:03,460 --> 00:00:09,330
So far we learned how to manually discover a number of very dangerous vulnerabilities.

2
00:00:09,590 --> 00:00:13,660
We've seen how they work and how to exploit them.

3
00:00:13,750 --> 00:00:20,500
In today's video I'd like to show you a tool that will allow you to automatically discover vulnerabilities

4
00:00:20,500 --> 00:00:22,160
in web applications.

5
00:00:22,160 --> 00:00:25,150
It will allow you to discover the vulnerabilities that we learned,

6
00:00:25,150 --> 00:00:26,520
plus much more.

7
00:00:26,890 --> 00:00:32,550
The reason why I didn't teach you this at the start is because I wanted you to learn how to do it manually.

8
00:00:32,680 --> 00:00:36,710
I also wanted you to know how these vulnerabilities occur.

9
00:00:36,760 --> 00:00:41,450
So to understand the reason behind them. Also, these are just tools.

10
00:00:41,470 --> 00:00:43,440
So this program is just a tool.

11
00:00:43,480 --> 00:00:46,470
It can make mistakes and it can show false positives.

12
00:00:46,570 --> 00:00:48,430
It can also miss vulnerabilities

13
00:00:48,430 --> 00:00:52,720
in some cases. Therefore, I wanted you to know how to do this stuff manually.

14
00:00:52,720 --> 00:00:57,940
So if the program doesn't work, or if the program misses something, then you'll be able to find it.

15
00:00:58,870 --> 00:01:05,560
The best way to use these programs is as a backup or as just a tool to help you with your penetration

16
00:01:05,560 --> 00:01:09,620
testing. So using the tool is very simple.

17
00:01:09,700 --> 00:01:12,670
I'm going to go in my application and then I'm going to type zap

18
00:01:16,210 --> 00:01:25,590
and it asks me if I want to save the current session when I search for something, so I'm going to say no.

19
00:01:25,790 --> 00:01:29,040
And this is the main view of the tool.

20
00:01:29,050 --> 00:01:35,310
So on the left here you'll see the websites that you're targeting. On the right you can attack and set

21
00:01:35,320 --> 00:01:43,600
the website URL, and in here you'll see the results for your attacking or for your scan.

22
00:01:43,820 --> 00:01:51,500
If we go here on the cog on the left, it'll allow you to modify the options for the program, so you can

23
00:01:51,500 --> 00:01:57,740
modify certain aspects of it: the way the fuzzer works, the way the spider works, the way the scanner is

24
00:01:59,280 --> 00:02:05,580
I'm going to leave everything the same. Another thing that you can modify is the policies used in

25
00:02:05,580 --> 00:02:06,000
the scan.

26
00:02:06,000 --> 00:02:11,620
So something similar to the scans that we were using with Nmap, the intense scan and all that.

27
00:02:11,640 --> 00:02:15,480
So I'm going to press on the plus and I'm going to press on the active scan.

28
00:02:16,110 --> 00:02:24,160
And if you press on this on the left here, and I'm going to press on the default policy. Now you can create

29
00:02:24,160 --> 00:02:26,740
your own policies by using the button.

30
00:02:26,950 --> 00:02:33,130
I'm going to press on the default one and I'm going to go on modify to show you the aspects

31
00:02:33,130 --> 00:02:35,780
that you can modify.

32
00:02:35,800 --> 00:02:44,650
So right here you can modify the name, the threshold and the strength for the global policy.

33
00:02:44,760 --> 00:02:52,830
Clicking on each of these categories will allow you to modify the specific scans that will be performed.

34
00:02:52,840 --> 00:02:58,870
For example, in the injection tab here we can see all the injection scans that the program is going

35
00:02:58,870 --> 00:02:59,290
to try.

36
00:02:59,290 --> 00:03:05,380
For example, we can see SQL injections here, can see cross-site scripting here, and pressing on the

37
00:03:05,380 --> 00:03:13,480
threshold right here we can set this to default, low, medium or high. Setting it to the default will just

38
00:03:13,480 --> 00:03:17,030
default to the value selected here, which is medium right now.

39
00:03:17,950 --> 00:03:22,900
Or you can have, for example, if SQL injection is what you're looking for, if what you're looking

40
00:03:22,900 --> 00:03:29,470
for is access for the database, then you can set this to high so that it'll try everything and try to

41
00:03:29,470 --> 00:03:35,100
find it in even difficult places.

42
00:03:35,120 --> 00:03:37,750
So I'm going to close all of this. I'm leaving everything the same.

43
00:03:37,800 --> 00:03:41,460
And now I'm going to start my attack against the Mutillidae script.

44
00:03:41,600 --> 00:03:42,680
So we have it.

45
00:03:42,740 --> 00:03:51,270
And then in 2014 to 0 4 running in the Metasploitable machine, and if we go on Mutillidae right here, that's

46
00:03:51,270 --> 00:03:52,090
the URL.

47
00:03:52,290 --> 00:03:54,240
So it's really I'm just going to copy this

48
00:03:57,760 --> 00:03:58,840
and paste it here.

49
00:04:01,200 --> 00:04:07,420
And then I'm going to attack. Now the tool is first going to try to find all the URLs.

50
00:04:07,450 --> 00:04:14,290
And then it's going to try and attack these URLs based on this current policy that we used.

51
00:04:14,310 --> 00:04:17,590
I'm going to pause the video and resume it once the scan is over.