Web Proxy Scanner

Web Proxy Scanner


Web proxy scanner is a tool to check vulnerabilities of web servers( this scanner can work as a port scanner if Check CGI Vulnerabilities is not enabled).

It is evident that CGI probes are sent against web servers. This tool provides an ability to configure the scanner for running CGI probes through that proxy ( if Enable Proxy is turned on ) or without proxy (if Enable Proxy is turned off ) .

Here is a brief description of each field located in Host Scan Settings. The field Command contains the command type ( GET, PUT,POST, etc.), the field Scheme contains the protocol type (http, ftp, gopher ), the field Host contains the host name ( ex. Camelot, www.nsauditor.com ), the field URL contains the URL, the field User Agent contains the name of the client program ( Nsauditor/1.0, Mozilla/5.0, Mozilla/4.0 ) , the field Timeout contains the timeout interval to wait for responses, the field Ports contains port numbers( you can select port numbers by clicking on the browse button).

Web Proxy Scanner

Turning on Check CGI Vulnerabilities allows you to select the service( Common, Apache, etc .) for checking vulnerabilities. Note that if the selected service is Front Page or IIS than the operating system of destination host should be Windows. You can use Ping to check the operating system.

To connect through proxy turn on the Enable Proxy setting and select one of anonymous proxy servers from the list.

The probe that will be sent to the target host is based on the mentioned parameters. There are some known vulnerability tests for each service.

You can configure these tests using Options/Configuration ( CGI Abuses ).

Double clicking on the scan entry you can view the CGI Abuse details. The dialog below shows all the details of the selected row.

Web Proxy Scanner

Selecting the appropriate CGI from the CGI Groups allows you to see all the check probes for the selected CGI including CGI Name and CGI Description. Selecting one of the CGI checks will show the CGI Abuse Details for that check including Risk Level, Abuse Name, Method, Directories, RCode ( return code ), Directories, Check URL, BagtraqID, Comment.

These well known tests are used to create the probes. You can hide the name of your real user agent by selecting any other from the list( it will seem that the probe is sent not from the real sender Nsauditor ).

You can add, delete and save the information in the page by clicking on the Add, Delete, Save buttons accordingly.

If View All Responses is turned on the Responses List of Network Security Auditor window will contain all responses. Otherwise the list will contain only the responses with open ports. You can double click on the row to view http header, source and data of each response ( left, middle , right parts of bottom section ). 

Nsauditor Network Security Auditor
Nsauditor Network Security Auditor is a network security scanner that allows to audit and monitor remote network computers for possible vulnerabilities
Nsauditor Network Security Auditor is a network security scanner that allows to audit and monitor network computers for possible vulnerabilities, checks your network for all potential methods that a hacker might use to attack it. Nsauditor is a complete networking utilities package that includes a wide range of tools for network auditing, scanning, monitoring and more. You can discover network services and check them for vulnerabilities, list all TCP and UDP endpoints with their associated process, discover NetBios names, audit MS SQL servers, scan for common Adware traces and more. The program also includes real-time network packet filtering and analyzing, web proxy scanning, password auditing, IP address lookup and more than 45 network tools for scanning, sniffing, enumerating and gaining access to machines, DNS and WHOIS lookups, e-mail validation, HTTP traffic generator and intrusion detection based on security events log. Reports can be generated in HTML and XML format. Overall, this is a very complete package for a surprisingly low price.

Download Now

Product Key Explorer
Backup Key Recovery
SpotAuditor Password Recover
"Very broad collection of network audit tools. We think this is one of the best integrated network multi-tools we have looked at."
SC Magazine
More Testimonials »
Nsasoft Awards
More Awards »
Free 24 / 7 Support
Free Lifetime Upgrades
Visit Our Site
Email us Here
Home Products Ordering Downloads Company Support Partners