Acunetix's New Web Vulnerability Scanner!!
Acunetix has decided to release a new version of its web vulnerability scanner to the market during the second week of July. In Korea, sales and technical support for the product will reportedly be handled by iSecure Co., Ltd. ((주)아이시큐어). The company is said to provide a Korean-language manual and technical documentation, and to be currently carrying out quality support for the product.
Acunetix WVS (Web Vulnerability Scanner) version 4 includes the following new features.
- JavaScript and AJAX support: automatically scans and analyzes JavaScript-based web sites, including AJAX applications.
- Advanced Scheduling: the added scheduling module allows greater flexibility and automation when running simultaneous or sequential scans of a single web site or multiple web sites. Scheduling runs like a service, together with an associated management console that lets the user easily enable all of the functions for configuring scanning, crawling and logging and for saving the results.
- Command Line support: can be run from the command line using various sets of parameters.
- URL Rewrite support: scans web sites using URL rewriting.
- Advanced Logging: the WVS application and error logs provide great visibility into problems that occur during a scan.
- Custom Cookies support
- Enhanced Search feature: includes fast searching of report sources in order to produce better reports.
- Enhanced Reporting feature
- Scan Result Export: XML and AVDL formats
WVS Vulnerability Check Items
WVS automatically crawls a web site and all related web applications in order to check for the following classes of web vulnerabilities.
- Version Check
  - Vulnerable web servers
  - Vulnerable web server technologies
  - Pearl Forums
- CGI Tester
  - Checks for web server problems
  - Identification of web server technologies
  - Web server information gathering
- Authentication
  - Input validation
  - Authentication attacks
- Parameter Manipulation
  - Cross-Site Scripting (XSS)
  - SQL Injection
  - Code Execution
  - Directory Traversal
  - File Inclusion
  - Script Source Code Disclosure
  - CRLF Injection
  - Cross Frame Scripting (XFS)
  - PHP Code Injection
  - XPath Injection
- MultiRequest Parameter Manipulation
  - Blind SQL/XPath Injection
- File Checks
  - Checks for backup files or directories
  - Checks for script errors
- Directory Checks
  - Finds common files such as logs, traces and CVS
  - Finds sensitive files/directories
  - Finds directories with weak permissions
  - Web applications
- Text Search
  - Directory listings
  - Source Code Disclosure
  - Checks for common files
  - Checks for Server Side Includes (SSI) directives
  - Checks for e-mail addresses
  - Sensitive information in Microsoft Office files
  - Local Path Disclosure
  - Error messages
- GHDB, Google Hacking Database (search-engine hacking database)
  - The database contains more than 1000 GHDB search queries
Using the scan profile configuration tool, WVS can be set to check for all vulnerabilities or only for selected ones.
Advanced Tools
Acunetix WVS broadens the scope of vulnerability scanning by introducing improved and highly accurate techniques for dealing with the complexity of today's web-based environments. WVS automatically checks for known vulnerabilities using a regularly updated database, while also allowing for other forms of intelligent vulnerability testing through manual operation. In addition, it can run a variety of automated hacking attacks that are not tied to any specific application. This makes it possible to test custom-built applications regardless of how, when or by whom they were developed.
The following is a list of the advanced WVS tools.
- Target Finder
- Authentication Tester
- HTTP Editor
- HTTP Sniffer
- HTTP Fuzzer
- Report Generator
- Compare Results Tool
- Scheduler
- Command Line Support
Other Features
WVS includes the following features.
- Very easy web site scanning through a scan wizard that provides step-by-step instructions for setting up the whole scan
- Online updates for the product and for new vulnerabilities
- HTTP and SOCKS proxy server support
- MS Access and MS SQL Server support for storing scan results
- User configuration of scan profiles
- Custom HTTP tuning to adjust how the application sends requests to the web server
- Site crawler settings that support file filters, directory filters, URL correction and custom cookies
- WVS setting to automatically scan a web site's subdomains
- Login sequence recorder that supports all types of login
- Configuration of user-submitted input values for HTML input forms
- Support for custom, user-developed 404 error pages
- Support for custom-configured search-engine hacking database (GHDB) filters
- Application logging support for troubleshooting