Tool category: Scanner
wpoison, web stress tool.
What is wpoison ?
Wpoison is a tool primarily designed for pen-testers and/or system administrators.
Its objective is to find potential SQL-injection vulnerabilities
in dynamic web documents that deal with databases: php, asp, etc.
How does this work ?
This is quite simple: wpoison fetches the document you want to scan and extracts any URLs
in <a> and <form> tags.
Any URL that contains arguments (e.g. /doc.php?aa=bb&cc=dd) will be stress tested:
each value of each argument is replaced with known buggy SQL strings, in order
to make the remote database print errors in the document.
/doc.php?aa=bb&cc=dd will be stressed like this:
After each poisoned request, the HTTP reply is analysed for common
SQL error strings.
If any string matches, the document is flagged as vulnerable.
SQL error strings are stored in a signature file (poison.sig), so it is
easy for anyone to add their own signatures for a particular web application
(see poison.sig for more details).
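The reply check described above, sketched as an added example that is not wpoison's own code: the signatures are constructed samples (not the contents or format of poison.sig), and `sig_init` and `sig_match` are hypothetical names. Patterns are compiled once and reused for every reply, and a match tells the site owner that database errors are leaking into pages.

```c
#include <regex.h>
#include <stdio.h>

/* Constructed sample signatures (POSIX extended regex). They are NOT the
 * contents or format of wpoison's poison.sig, which this page does not show. */
static const char *const SIGS[] = {
    "You have an error in your SQL syntax",
    "Unclosed quotation mark (before|after) the character string",
    "ODBC (Microsoft Access|SQL Server) Driver",
    "ORA-[0-9]{5}",
};
#define NSIGS (sizeof SIGS / sizeof SIGS[0])

static regex_t compiled[NSIGS];
static int ready;

/* Compile every signature once, so each reply costs only regexec() calls.
 * Returns 0 on success, -1 if a pattern does not compile. */
int sig_init(void) {
    if (ready) return 0;
    for (size_t i = 0; i < NSIGS; i++) {
        if (regcomp(&compiled[i], SIGS[i], REG_EXTENDED | REG_ICASE | REG_NOSUB)) {
            while (i > 0) regfree(&compiled[--i]);
            return -1;
        }
    }
    ready = 1;
    return 0;
}

/* Index of the first signature found in an HTTP reply body, or -1 if none. */
int sig_match(const char *body) {
    if (body == NULL || sig_init() != 0) return -1;
    for (size_t i = 0; i < NSIGS; i++)
        if (regexec(&compiled[i], body, 0, NULL, 0) == 0)
            return (int)i;
    return -1;
}

int main(void) {
    /* Constructed reply bodies: one leaks a database error, one is clean. */
    const char *leaky = "<p>Unclosed quotation mark before the character string ''.</p>";
    const char *clean = "<h1>Forum</h1><p>No topics found.</p>";
    int a = sig_match(leaky), b = sig_match(clean);
    printf("leaky: %s\n", a >= 0 ? SIGS[a] : "not flagged");
    printf("clean: %s\n", b >= 0 ? SIGS[b] : "not flagged");
    return 0;
}
```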
Wpoison is based on these excellent white papers:
The SPI Labs whitepaper on SQL injection :
Chris Anley's white paper :
wpoison is known to compile on FreeBSD and Linux platforms.
For now, you need to have [f]lex and gcc installed.
Just run `make`.
Please report compilation problems at email@example.com or firstname.lastname@example.org.
The simplest way to use wpoison is to run:
$ wpoison http://www.somewhere.tld/page.php
or $ wpoison my-web.tld
or $ wpoison "www.my.tld/page.php?aa=bb&cc=dd"
This will stress test any urls in the link you provided.
It's important to note that wpoison *does not* follow links that are outside your domain.
Sometimes, it's useful to force the values of the cookie, if your website deals with some
$ ./wpoison -C "sessionhash=123456789; path=/" -C "ID=meadele; path=/myforum" www.my-web.tld
Note that the -C option takes a full "Set-Cookie" header value.
If the -C option is missing, wpoison will use the original cookie of your document for each test.
When the scan is done, wpoison prints out the result. This example shows the
result of a scan on a vulnerable Snitz ASP forum:
40 links tested:
__ /forum/forum.asp [Possible SQL-injection detected]
|___ FORUM_ID * * * * * *
|___ CAT_ID * * * * * * *
1 potential security problems found
This means that FORUM_ID and CAT_ID arguments *may* be used for SQL-Injection exploitation.
N.B: The report system will be improved soon.
At this time wpoison is in alpha stage, and will be improved.
- incorrect handling of redirection messages.
- doesn't analyse headers.
- severe performance problem due to stupid use of regexec().
- incorrect handling of 'radio' <input> values.
Please send feedback or any suggestions to email@example.com or firstname.lastname@example.org