How to implement a module for scanning an application for vulnarabilities? [closed]

0 投票
最新提问 用户: (660 分)

I have a project to make an application that scans web applications for vulnerabilities an than based on the vulnerabilities found makes and attack.

My idea for this is to install a number virtual machines with web applications (ex BadStore) and then try to scan them and based on the results find from a database an attack for that vulnerability.

I plan on using java spring and postgreSQL since i am most familiar with them for the application. The first step would be the scanner. What i am looking for is i library that can help my implement basic scanning of a web application pages. Since i need to implement the searching for vulnerabilities and then to follow with an attack i plan on fist implement the most simple attack (basic sql inject?).

I need some help with finding a good library to work with for the project. I tried searching for a libraries but found lots of examples of open source vulnerabilities scanners but i don't really know any of them and how hard it would be to use some of there libraries.

If anyone has any experience with something similar i would be most grateful.

发表于 用户: (100 分)
Can you mention what are some of libraries you have seen for this, so we can mention their pros and cons
发表于 用户: (660 分)
Like i said i found numerous examples of vulnerabilities scanner and some of them i saw ware open source and using java. The problem was i don't know any of the or if i can use any of them in my project.
发表于 用户: (660 分)
As examples i can enumerate some of the scannes :Vega, WebScarab ,Ratproxy, Grendel-Scan.... I did not find specific library for scanning but applications that are open source and i can maybe use. If there are any such libraries it will be a grate help.

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。