In Part 1, we saw what all IronWASP is capable of and how it handles a single page scan. In Part 2, we shall see how it reacts to a complex web application on localhost which requires a Login Sequence and how we can use an external model it is bundled with, WiHawk, and scan a route for vulnerabilities.
Scanning a complex application on Localhost
For a further test, we will be using Damn Vulnerable Web Application (DVWA). It is an open source application on which we can practice various security tests at various levels. It can be downloaded from https://github.com/ethicalhack3r/DVWA. Installation instructions and setup is present with it.
Since it requires the user to Login, we will be recording the Login.
Once that is opened, it will ask us to enter the username and password. Since we are doing a basic scan, we will leave the CSRF token for now:
Once entered, we will be taken to the Record page:
Now for us to do that, we will go back to IronWASP again and open the Browser Based Crawler which can be found under Tools:
Once opened, we will open the ‘Manual Crawler‘ (marked in blue):
This will open a blank page in Google Chrome along with a CMD (do not close this). Now we will go back to the Recording Page and Start recording:
IronWASP will now wait for us to enter the login credentials we had entered in the previous step. Once we enter the credentials, IronWASP will automatically move to the ‘TEST‘ page on which it will wait for 5 seconds, for the page to completely load, and the move on to the ‘SAVE‘ page where we can save the Login sequence for future use.
Now that we have the Login Sequence saved, we can start scanning. To do that, we go back and check the Sitemap. Once we find our main project that we want to put an Automated Scan on, we select it first, and the select ‘Scan Branch‘:
We will be presented with the same scanning options that we had discussed in our previous scan:
Except, in the ‘Customization‘ panel, we will have the ability to choose our Login Sequence (marked in blue):
Once the scanning is started, we can see the progress under ‘Automated Scanning‘:
Scanning a router using WiHawk
As mentioned in Part 1, IronWASP is bundled with additional modules created by independent security researchers. One of those modules in WiHawk which is used to find a vulnerability in a router. It is found under the modules tab, under Vulnerability Scanners:
When clicked, it will show you some information regarding the module and ask permission to Run it:
Once the module is loaded, it will show you three options:
- Scan Single IP
- Scan Range of IP’s
- Scan using Shodan
For now, we will be Scanning a Single IP:
Moreover, as we can see, the route is vulnerable and has default username and password as admin.
IronWASP is not a tool recommended for beginners. Although there are features that can be understood by them, it is UI, and unclear context makes it difficult to start right off the bat. Although there are numerous features available, the learning curve can be drastic for many.