Creating custom vulnerability checks for Acunetix WVS Version 7

Submitted on August 10, 2010 – 9:11 pm

Vulnerability checks in Acunetix Web Vulnerability Scanner version 7 consist of two files:

  • *.script – The actual vulnerability check, written in JavaScript. Such scripts are stored in the ‘\Data\Scripts\’ subdirectory of the Acunetix WVS installation directory.
  • *.xml – This file contains all the documentation related to the vulnerability, such as vulnerability details, remediation, severity level and other details. These XML files use the VulnXML format and are stored in the ‘\Data\Scripts\XML’ subdirectory of the Acunetix WVS installation directory.

Creating a new vulnerability check

1. Writing the Vulnerability check script

To write a new vulnerability check script, you can use any text editor of your choice, or the WVS Scripting tool, which is available for free.

The tool and the detailed Acunetix WVS scripting reference can be downloaded from the following URL: http://www.acunetix.com/download/tools/Acunetix_SDK.zip. Once downloaded, extract the tool into the same Acunetix WVS installation directory. We recommend you use our tool since it is specifically designed to assist you in writing Acunetix WVS vulnerability checks. It also includes a number of functions to help you test your scripts.

2. Writing the vulnerability XML file (VulnXML format)

To create a new XML file using the VulnXML format, use the Acunetix WVS Vulnerability Editor, which is available from the Acunetix WVS Program Group.

Follow the procedure below to create a new VulnXML file for a custom vulnerability check:

  1. Right-click the VulnXML node and select ‘Add Vulnerability’.
  2. Specify the VulnXML filename and also specify if you want to use the default template.
  3. Specify all the required details to populate the VulnXML vulnerability file. For a detailed description of all available fields, refer to the following list:
    1. Name – The name of the vulnerability (e.g., could be the same as the name given to the VulnXML file)
    2. Version – Test version number
    3. Released – Date when the test/vulnerability was created (yyyy/mm/dd)
    4. Updated – Date when this vulnerability was last updated (yyyy/mm/dd)
    5. Severity – Defines the vulnerability level, e.g. high severity indicates that if this test generates failures, the target being scanned has a severe vulnerability
    6. Alert – Defines if the alert is to be triggered on success or failure of the test
    7. Type – Select the type of vulnerability from the drop-down menu, e.g. parameter manipulation, canonicalization etc.
    8. Affects – Defines which components of the target are affected by the vulnerability, e.g. server, directory etc.
    9. Description – This field should contain a description of the vulnerability
    10. Impact – This field should contain information on the impact generated if the vulnerability is exploited
    11. Recommendation – This field should contain a number of recommendations to help the developer eliminate the reported vulnerability
    12. Detailed Information – This field should contain a detailed technical description of the reported vulnerability
    13. Tags – Tags related to the vulnerability

In the ‘References’ tab you can specify links to additional information about the vulnerability (e.g., cause and related fix).  You can add additional references by right clicking and selecting ‘Add reference’.

  1. Database – Specify the link heading/title of the article/information
  2. URL – Contains the URL

Modifying a vulnerability check

Note: The built-in vulnerability checks cannot be modified. Only their VulnXML files (vulnerability details) can be modified.

Modifying a custom vulnerability check

To modify a custom vulnerability check, open the script in the WVS Scripting tool and proceed with the desired changes. The WVS Scripting tool and detailed scripting reference are available from: http://www.acunetix.com/download/tools/Acunetix_SDK.zip.

Modifying the vulnerability VulnXML file

To modify an existing vulnerability check, open the Acunetix Vulnerability Editor and select the script to edit from the VulnXML node. Click on the section which you would like to edit and proceed with the text changes. Once ready, click on the ‘Save’ icon (first icon) in the top left corner of the Vulnerability Editor.
