It is common practice for the same web server to host several websites or web applications on the same IP address. This is why the host header exists. The host header specifies which website or web application should process an incoming HTTP request. The web server…
Author Archives Ian Muscat
How to scan an HTTP Authentication restricted area
In addition to form authentication, which Acunetix supports via the Login Sequence Recorder, you can also scan areas of a website or web application that are restricted by means of HTTP Authentication. HTTP Authentication, sometimes referred to as Basic Authentication, is a…
Port scanning with Server Side Request Forgery (SSRF)
As a pen-tester, there are going to be situations where you will be asked to provide evidence of the seriousness of a vulnerability that has been identified. There is ample documentation on how to do this for the more common vulnerabilities such as Cross-site Scripting…
Getting Started with the Acunetix Web Services Editor
The Web Services Editor is a tool that forms part of the Acunetix Manual Pen Testing Tools suite (available to download for free). The Web Services Editor allows you to import an online or local WSDL file for an in-depth analysis of WSDL requests…
Getting Started with the Acunetix Authentication Tester
The Authentication Tester is a tool that forms part of the Acunetix Manual Pen Testing Tools suite (available to download for free). The Authentication Tester allows you to test the strength of credentials used in HTTP authentication, as well as custom HTML form-based authentication by…
Getting Started with the Acunetix Target Finder
The Target Finder is a tool that forms part of the Acunetix Manual Tools suite (available to download for free). The Target Finder allows you to run a port scan to discover web servers running on a given IP address, or a range of IP…
Getting Started with the Acunetix Subdomain Scanner
The Subdomain Scanner is one of the tools in the Acunetix Manual Tools suite for penetration testers. The Acunetix Manual Tools Suite is a set of tools for penetration testing, ethical hacking, and attack surface information gathering. The tools are free for commercial use but…
Getting Started with the Acunetix HTTP Sniffer
The HTTP Sniffer is one of the tools among the Acunetix Manual Tools suite (available to download for free). The HTTP Sniffer is a proxy that allows you to analyze HTTP requests and responses, and manually crawl a site structure. The HTTP Sniffer can also…
Getting Started with the Acunetix HTTP Fuzzer
The HTTP Fuzzer is one of the tools in the Acunetix Manual Tools suite designed to let you manually test for security issues. The Acunetix Manual Tools Suite is a set of tools for black-box testing and application security information gathering. These security vulnerability testing…