About Scripting in WVS


WVS scripting is based on Microsoft Active Scripting Technology. In WVS scripting the preferred language for writing scripts is JavaScript. The scripts can be edited by any text editor. Scripts should have the extension .script and include files the extension .inc.

Important directories and files:

WVS will try to execute scripts from specific folders. For now the only folder which is searched by the scripting is [ApplicationDirectory]\Data\Scripts\Network. By convention, in this folder are placed all the scripts which are for network testing. These scripts will be executed in paralel with the web scanner, after the port scanner module is finished.

In future versions of WVS there may be other folders which will contain scripts various tasks (eg. web vulnerability identification).

Each folder which contains scripts should have an index.xml file which contains description of the scripts in the folder. The information from this file will be used in profile editor. Even if a file is not in index.xml, it will be executed, but there will be no description of it in the profile editor. Below is an example of the index file:

<?xml version="1.0" encoding="UTF-8"?> <DirIndex> <description>Scripts for testing network services</description> <file name="chargen_ping.script"> <description>Test for chargen service</description> </file> <file name="cvs_server.script"> <description>Test for CVS server</description> </file> </DirIndex>

[ApplicationDirectory]\Data\Scripts\Includes is the standard directory for shared includes. The preprocessor will search this folder for included files automatically.