Hi everyone,

I'm not sure whether this has been mentioned before on the mailing list or not.
I've come across wivet [0]. From the project description:

"WIVET is a benchmarking project that aims to statistically analyze web
link extractors. In general, web application vulnerability scanners
fall into this category. These VAs, given a URL(s), try to extract as
many input vectors as possibly they can to increase the coverage of the
attack surface."

The w3af webSpider scores a total of 46%. For example: links embedded in 
"p onmousedown window.location.href" won't be detected. 

I've attached the wivet output. I used the latest w3af svn version to get these 
results.
I thought someone might find this interesting.

Cheers,
Kevin

[0] http://code.google.com/p/wivet/


Coverage :  %46
Started at :  2009 02 11 12:54:00
Details :

purple rows indicate missed cases, other rows indicate hit.

URI | Description | Number of Accesses | IP Address | User Agent
16_1b14f | 302 redirection | 2 | 127.0.0.1 | w3af.sourceforge.net
4_1c3f8 | link href js protocol | 3 | 127.0.0.1 | w3af.sourceforge.net
11_1f2e4 | link href jquery | 3 | 127.0.0.1 | w3af.sourceforge.net
18_1a2f3 | a href javascript protocol window.open | 3 | 127.0.0.1 | w3af.sourceforge.net
7_16a9c | form submit button onclick | 3 | 127.0.0.1 | w3af.sourceforge.net
13_10ad3 | xhr initiating | 3 | 127.0.0.1 | w3af.sourceforge.net
2_2b7a3 | self referencing link with random query string | 15 | 127.0.0.1 | w3af.sourceforge.net
2_1f84b | self referencing link | 4 | 127.0.0.1 | w3af.sourceforge.net
15_1c95a | form action with javascript protocol set | 3 | 127.0.0.1 | w3af.sourceforge.net
9_2ff21 | span onmouseout window.location.href | 1 | 127.0.0.1 | w3af.sourceforge.net
9_1a1b2 | span onclick window.location | 1 | 127.0.0.1 | w3af.sourceforge.net
9_4b82d | span onmouseup document.location | 1 | 127.0.0.1 | w3af.sourceforge.net
9_3a2b7 | span onmousedown document.location.href | 1 | 127.0.0.1 | w3af.sourceforge.net
1_12c3b | link creation after some time w/ setTimeout | 1 | 127.0.0.1 | w3af.sourceforge.net
1_25e2a | link creation after button click | 1 | 127.0.0.1 | w3af.sourceforge.net
5_1e4d2 | div onmouseover window.open | 1 | 127.0.0.1 | w3af.sourceforge.net
19_1f52a | link attached to a swf simple button onclick event | 1 | 127.0.0.1 | w3af.sourceforge.net
8_2b6f1 | relative link in html comment | 1 | 127.0.0.1 | w3af.sourceforge.net
14_1eeab | meta refresh tag | 1 | 127.0.0.1 | w3af.sourceforge.net
12_1a2cf | iframe | 1 | 127.0.0.1 | w3af.sourceforge.net
12_3a2cf | iframe created dynamically | 1 | 127.0.0.1 | w3af.sourceforge.net
12_2a2cf | frame created dynamically | 1 | 127.0.0.1 | w3af.sourceforge.net
10_17d77 | link href js protocol window.location w/ alert override | 1 | 127.0.0.1 | w3af.sourceforge.net
20_1e833 | html encoded links | 1 | 127.0.0.1 | w3af.sourceforge.net
13_25af3 | link created thru xhr response | 3 | 127.0.0.1 | w3af.sourceforge.net
3_45589 | multi-page form with a single path to final destination | N/A | N/A | N/A
6_14b3c | form submit thru select onchange w/ simple alert | N/A | N/A | N/A
8_1b6e1 | link in html comment | N/A | N/A | N/A
9_5ee31 | p onclick window.location.href | N/A | N/A | N/A
9_6ee31 | p onmouseout window.location.href | N/A | N/A | N/A
9_7ee31 | p onmousedown window.location.href | N/A | N/A | N/A
9_8ee31 | p onmouseup window.location.href | N/A | N/A | N/A
9_9ee31 | div onclick window.location.href | N/A | N/A | N/A
9_10ee31 | div onmouseout window.location.href | N/A | N/A | N/A
9_11ee31 | div onmousedown window.location.href | N/A | N/A | N/A
9_12ee31 | div onmouseup window.location.href | N/A | N/A | N/A
9_13ee31 | td onclick window.location.href | N/A | N/A | N/A
9_14ee31 | td onmouseout window.location.href | N/A | N/A | N/A
9_15ee31 | td onmousedown window.location.href | N/A | N/A | N/A
9_16ee31 | td onmouseup window.location.href | N/A | N/A | N/A
9_17ee31 | tr onclick window.location.href | N/A | N/A | N/A
9_18ee31 | tr onmouseout window.location.href | N/A | N/A | N/A
9_19ee31 | tr onmousedown window.location.href | N/A | N/A | N/A
9_20ee31 | tr onmouseup window.location.href | N/A | N/A | N/A
9_21ee31 | li onclick window.location.href | N/A | N/A | N/A
9_22ee31 | li onmouseout window.location.href | N/A | N/A | N/A
9_23ee31 | li onmousedown window.location.href | N/A | N/A | N/A
9_24ee31 | li onmouseup window.location.href | N/A | N/A | N/A
9_25ee31 | radio onclick window.location.href | N/A | N/A | N/A
16_2f41a | 302 redirection link in response body | N/A | N/A | N/A
17_143ef | xhr with a busy mode page 1 | N/A | N/A | N/A
17_2da76 | xhr with a busy mode page 2 | N/A | N/A | N/A
18_2ced3 | heavy js library standard form creation | N/A | N/A | N/A
19_2e3a2 | link attached to a swf simple button parameterized onclick event | N/A | N/A | N/A


_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
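
Added example (not part of the original message and not w3af's own code): a static extractor that, besides href/src/action attributes, scans inline on* handlers and javascript: URLs for the navigation sinks named in the report above (window.location, document.location, window.open). The base URL, the sample HTML and all names are constructed for illustration; only quoted literal URLs are recovered, so links built at run time (setTimeout, XHR responses) remain out of reach of this approach.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Navigation sinks from the report: (window|document).location[.href] = '...' and window.open('...')
NAV_ASSIGN = re.compile(r"""(?:window|document)\.location(?:\.href)?\s*=\s*(['"])(.+?)\1""")
WINDOW_OPEN = re.compile(r"""window\.open\(\s*(['"])(.+?)\1""")


class HandlerLinkExtractor(HTMLParser):
    """Collects URLs from static attributes and from inline event handlers."""

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.static_links = set()   # what a plain href/src/action spider sees
        self.handler_links = set()  # what only shows up inside handler code

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:   # names arrive lowercased, values unescaped
            if not value:
                continue
            if name in ("href", "src", "action"):
                if value.lower().startswith("javascript:"):
                    self._scan_script(value[len("javascript:"):])
                else:
                    self.static_links.add(urljoin(self.base_url, value))
            elif name.startswith("on"):  # onclick, onmousedown, onmouseup, ...
                self._scan_script(value)

    def _scan_script(self, code):
        for pattern in (NAV_ASSIGN, WINDOW_OPEN):
            for _quote, url in pattern.findall(code):
                self.handler_links.add(urljoin(self.base_url, url))


def extract(html, base_url):
    parser = HandlerLinkExtractor(base_url)
    parser.feed(html)
    parser.close()
    return parser.static_links, parser.handler_links


BASE = "http://scanner-test.example/app/index.php"  # constructed base URL
SAMPLE = """
<a href="/pages/a.php">plain link</a>
<p onmousedown="window.location.href='/pages/b.php'">p onmousedown</p>
<span onclick="window.location='c.php'">span onclick</span>
<div onmouseover="window.open('/pages/d.php')">div onmouseover</div>
<a href="javascript:window.open('e.php')">js protocol</a>
<td onclick="toggle()">handler without navigation</td>
"""  # constructed sample page, modelled on the descriptions in the report
```

Comparing the two sets returned by extract(SAMPLE, BASE) shows how much of a page's link surface is visible only inside handler code.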
