1. Tool Overview

Prajal Kulkarni edited this page May 3, 2018 · 2 revisions

Scan Engine:

  • Nmap
  • Skipfish
  • Wapiti
  • BuiltWith
  • Phantalyzer
  • Wappalyzer

Databases and collections:

Watchdog installs a local copy of the CVE database, which is a collection of the following DBs:

  • cves (Common Vulnerabilities and Exposures items) - source NVD NIST
  • cpe (Common Platform Enumeration items) - source NVD NIST
  • cwe (Common Weakness Enumeration items) - source NVD NIST
  • capec (Common Attack Pattern Enumeration and Classification) - source NVD NIST
  • ranking (ranking rules per group) - local cve-search
  • d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) - source d2sec.com
  • MITRE Reference Key/Maps - source MITRE reference Key/Maps
  • ms (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) - source Microsoft
  • exploitdb (Offensive Security - Exploit Database) - source Offensive Security
  • info (metadata of each collection, like last-modified) - local cve-search
  • via4 - VIA4CVE cross-references

What happens when you run watchdog:

Test domain: www.scanthis.com

Watchdog will perform the following tasks on this domain:

a. Scan the domain to find visible open ports.

{e.g. output}

  • 80 [Apache httpd 2.4.7 ((Debian))]
  • 443 [Apache httpd 2.4.7 ((Debian))]
  • 22 [OpenSSH 5.8p1_hpn13v10 (FreeBSD 20110102; protocol 2.0)]
  • 21 [ProFTPD 1.3.3e]
  • 993 [Plesk Courier imapd]

b. Perform tech-stack fingerprinting to identify all front-end and service-level technologies running.

  • jquery [1.8.1]
  • php [5.5.9]
  • twitter bootstrap [2.3]
  • font awesome [**]
  • google analytics [**]
  • piwik []

c. Map the tech-stack versions to known vulnerabilities found in the master CVE database.

  • [e.g. jquery version 1.8.1 has multiple CVEs - CVE-2012-6708, CVE-2015-9251]
  • [e.g. php version 5.5.9 has multiple CVEs - CVE-2016-4073, CVE-2015-8835]
  • [e.g. apache version 2.4.7 has multiple CVEs - CVE-2017-7679, CVE-2014-0226]

d. If the port scan in step a detects any HTTP services running [80/443], Watchdog goes ahead and performs web application security scanning with Wapiti and Skipfish.

f. Once the scan is complete, the data is populated in Watchdog’s UI, which can be found at http://localhost/index.php
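The mapping in step c, as an added example that is not Watchdog's own code: fingerprint strings from steps a and b are normalized to CPE names and looked up in a small constructed record set, and findings without a usable version are reported as unmapped. The `ALIASES` table, the record layout and the CPE strings are assumptions; the CVE ids are the ones quoted above.

```python
import re

# Constructed sample modelled on a local CVE collection: each record lists the
# CPE names it affects. The CVE ids are the ones quoted on this page; the CPE
# strings and the record layout are assumptions made for this example.
CVE_RECORDS = [
    {"id": "CVE-2012-6708", "cpes": ["cpe:2.3:a:jquery:jquery:1.8.1"]},
    {"id": "CVE-2015-9251", "cpes": ["cpe:2.3:a:jquery:jquery:1.8.1"]},
    {"id": "CVE-2016-4073", "cpes": ["cpe:2.3:a:php:php:5.5.9"]},
    {"id": "CVE-2015-8835", "cpes": ["cpe:2.3:a:php:php:5.5.9"]},
    {"id": "CVE-2017-7679", "cpes": ["cpe:2.3:a:apache:http_server:2.4.7"]},
    {"id": "CVE-2014-0226", "cpes": ["cpe:2.3:a:apache:http_server:2.4.7"]},
]

# Hypothetical alias table: scanner display name -> (CPE vendor, CPE product).
ALIASES = {
    "apache httpd": ("apache", "http_server"),
    "jquery": ("jquery", "jquery"),
    "php": ("php", "php"),
    "piwik": ("piwik", "piwik"),
}
VERSION = re.compile(r"^\d+(?:\.\d+)+$")


def parse_finding(line):
    """Split 'name [version]' or a service banner such as 'Name 1.2.3 (extra)'."""
    m = re.match(r"^(.*?)\s*\[(.*)\]$", line.strip())
    if m:
        return m.group(1).lower(), m.group(2).strip()
    m = re.match(r"^(.*?)\s+(\d+(?:\.\d+)+)\b", line.strip())
    return (m.group(1).lower(), m.group(2)) if m else (line.strip().lower(), "")


def map_to_cves(findings, records=CVE_RECORDS):
    """Return ({cpe: [cve ids]}, [findings that could not be mapped])."""
    index = {}
    for rec in records:
        for cpe in rec["cpes"]:
            index.setdefault(cpe, []).append(rec["id"])
    matched, unmapped = {}, []
    for line in findings:
        name, version = parse_finding(line)
        if name not in ALIASES or not VERSION.match(version):
            unmapped.append(line)  # unknown product or no usable version
            continue
        vendor, product = ALIASES[name]
        cpe = f"cpe:2.3:a:{vendor}:{product}:{version}"
        matched[cpe] = index.get(cpe, [])
    return matched, unmapped
```

An unmapped finding is not a clean result: a versionless fingerprint such as `piwik []` means the component was never checked against the database and needs manual review.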