Adil Khan 9 months ago
AdiKhanOfficial #FYP Ideas

VScanner


Project Title

VScanner

Project Area of Specialization

Cyber Security

Project Summary

In today’s world, we are moving toward the concept of the Metaverse, and it's all because technology is at its peak. People are working from home and technology is involved in every aspect of our lives. Security has significant importance in a digital world because a security breach can lead to a compromise of privacy, and in the case of a security breach in an organization, the privacy of millions of people is compromised.

Cyber-attacks continue to trend upward, with a 125% increase in volume year-over-year, and one reason is that we are not aware of the severity of the problem. Another is that we use the available technology without knowing much about how modern technology works. That’s why we also don’t know how to handle and manage the security of our digital assets.

To avoid these kinds of security issues, our proposed solution will be very helpful; more specifically, it targets the web, which is most of the internet. Finding the possible issues and vulnerabilities in a web application or website is a very technical and challenging task. To resolve this problem, our tool will automate the whole process of checking website security: it detects possible vulnerabilities in the target web application or website and suggests how to mitigate them. No technical knowledge is required to use this tool, and within a few minutes users will get a report on the security of their website or web application.

Project Objectives

Manual testing of applications is a very time-consuming and tedious task, so with the help of programming we can automate it and make the process of finding vulnerabilities more efficient.

The proposed solution will improve the existing security of websites and web applications. It will also help developers learn the best security practices, and pen-testers can figure out possible vulnerabilities in the target website within a few minutes.

Below are the objectives of the project:

1. Automate the process of SQL Injection detection (error-based)

2. Automate the process of Cross-site Scripting detection (reflected)

3. Automate the process of Cross-site Request Forgery detection

4. Alert about missing security headers

5. Port Scanning & Fingerprinting

During the scan, our assessment tool will try to find the most common web vulnerabilities such as SQLi, XSS, and CSRF. It will also check the website's security headers, which indicate the security measures taken by the website. Lastly, the tool will run a port scan against the target website and report the open ports and the services running on the target web server.
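The security-header check described above can be sketched as follows. This is an added example, not code from the VScanner project; the header list, the HSTS threshold and the sample response are assumptions chosen for illustration.

```python
import re

# Added example. The header list, threshold and sample response are
# assumptions made for illustration, not values from the VScanner project.
RECOMMENDED = (
    "content-security-policy",
    "referrer-policy",
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
)
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
MIN_HSTS_AGE = 15552000  # 180 days, assumed minimum for a useful HSTS policy


def audit_headers(headers):
    """Return (missing, weak, disclosed) header names for one HTTP response."""
    seen = {k.lower(): v.strip() for k, v in headers.items()}
    missing = [h for h in RECOMMENDED if h not in seen]
    # CSP frame-ancestors supersedes X-Frame-Options, so do not report both.
    if "frame-ancestors" in seen.get("content-security-policy", "").lower():
        missing = [h for h in missing if h != "x-frame-options"]
    weak = []
    hsts = seen.get("strict-transport-security")
    if hsts is not None:
        age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not age or int(age.group(1)) < MIN_HSTS_AGE:
            weak.append("strict-transport-security")
    xcto = seen.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        weak.append("x-content-type-options")
    # A digit in these headers usually means a product version is exposed.
    disclosed = [h for h in DISCLOSING if re.search(r"\d", seen.get(h, ""))]
    return missing, weak, disclosed


# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.3",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    print(audit_headers(SAMPLE))
```

The report separates headers that are absent from headers that are present but weakly configured, because the remediation differs: the first needs a new server directive, the second a corrected value.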

Project Implementation Method

Given the nature of the project, the Agile development methodology has been selected. Other models such as waterfall are not suitable because adjustments cannot be made once the project is in progress, while in Agile, adjustments can be made according to the requirements during each iteration.

The application will consist of five modules. During the initial iteration, the core functionality of the application will be developed. Then, during each iteration, a new module will be added to the application. Iterations will continue until all five modules have been successfully integrated with the application.

Figure 1.2: Methodology

 Modules:
  • Cross-site Scripting (XSS) Detection
    • Cross-site scripting is a vulnerability in the injection category; it allows an attacker to compromise the interactions of the user with the vulnerable application. Examples of cross-site scripting attacks include session hijacking, defacing, and click-jacking.

    • The application will be able to detect possible XSS on the target website. This will be achieved by examining the behavior of the target after some fuzzy payload injection.
  • SQL Injection (SQLi) Detection
    • SQL injection is one of the most notorious vulnerabilities still found in web applications. Although it is a very old vulnerability, it is still included in the top 10 most common web application vulnerabilities. It has severe effects on the privacy of users and the data of the application, because it allows an attacker to interfere with the database that the application uses for retrieving data.

    • The application will also detect SQLi based on errors generated by the website in response to the malicious request.
  • Cross-site Request Forgery (CSRF) Detection
    • This vulnerability forces users of the vulnerable application to perform unintended actions without their consent. By exploiting CSRF, an attacker can perform actions such as changing the email address or password, or making a funds transfer, by having malicious requests sent to the application by the authenticated user without the user knowing about it.

    • Detection of CSRF will be done via CSRF tokens, which are used to prevent CSRF attacks in web applications.
  • Headers Manipulation
    • This module covers a lot of topics and evaluates the target website against some best practices and configurations for the server and website.
  • Port Scanning & Fingerprinting
    • The server will be checked for possible open ports, and the application will also try to find the running services and their corresponding versions on the target server.
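The token-based CSRF check from the module list can be illustrated by auditing the forms in a page for a hidden anti-CSRF field. This is an added example, not the project's own code; the token name pattern, the minimum token length and the sample HTML are assumptions.

```python
import re
from html.parser import HTMLParser

# Assumptions for this added example: common anti-CSRF field names and a
# minimum length below which a value is not treated as a real token.
TOKEN_NAME = re.compile(r"csrf|xsrf|authenticity_token|requestverificationtoken", re.I)
MIN_TOKEN_LEN = 16


class FormAuditor(HTMLParser):
    """Collect each <form> with its method and whether it carries a token."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            method = (a.get("method") or "get").lower()
            self._cur = {"action": a.get("action") or "", "method": method, "token": False}
        elif tag == "input" and self._cur is not None:
            hidden = (a.get("type") or "").lower() == "hidden"
            name, value = a.get("name") or "", a.get("value") or ""
            if hidden and TOKEN_NAME.search(name) and len(value) >= MIN_TOKEN_LEN:
                self._cur["token"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None


def forms_missing_token(html):
    """Return the action of every POST form without a usable hidden token."""
    parser = FormAuditor()
    parser.feed(html)
    parser.close()
    return [f["action"] for f in parser.forms if f["method"] == "post" and not f["token"]]


# Constructed sample page: one GET form, one protected and two unprotected POST forms.
SAMPLE_HTML = """
<form action="/search" method="get"><input name="q"></form>
<form action="/profile/email" method="POST">
  <input type="hidden" name="csrf_token" value="9f2c1e7ab4d04c6e8a51f0c3d2b7e6a1">
  <input name="email">
</form>
<form action="/profile/password" method="post"><input type="password" name="new"></form>
<form action="/newsletter" method="post"><input type="hidden" name="csrf_token" value=""></form>
"""
```

A form flagged here may still be protected by SameSite cookies or a custom request header, so each result is a lead to verify rather than a confirmed finding.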

Proxies will be needed to avoid reCAPTCHA and IP banning issues, so for this purpose we will use proxies like Smart Proxy Manager. Web hosting is also mandatory for deploying the web application in a real environment, and to fulfill this requirement we will use a cloud virtual machine such as an EC2 instance provided by Amazon.

Figure 1.2: Application Architecture

Benefits of the Project

The project will be a step forward in the field of penetration testing and will help developers make their applications more robust and secure. It can be considered a good tool in various cases, such as testing and analyzing every entry point of a web application.

Technical Details of Final Deliverable

At the end of the project, we will have a web-based application that takes a URL as input from the user, performs various security tests and fuzzing techniques to discover possible flaws or vulnerabilities in the target website, and finally generates a report of its findings.

During the scanning process, our web app will perform tests for the detection of various vulnerabilities including Cross-site scripting, Cross-site request forgery, and SQL injection. Additionally, it will manipulate the headers of the target website to get sensitive information about the technologies used on the server. Lastly, it will perform a port scan, which will detect the open ports, running services, and their corresponding versions on the server.

Technical Deliverables:

  1. Automatic Cross-site Scripting Detection
  2. Automatic SQL injection Detection
  3. Automatic Cross-site Request Forgery Detection
  4. Header Manipulation
  5. Port Scanning & Fingerprinting

Final Deliverable of the Project

Software System

Core Industry

IT

Other Industries

Core Technology

Others

Other Technologies

Sustainable Development Goals

Decent Work and Economic Growth

Required Resources

| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| Smart Proxy Manager Service | Equipment | 1 | 15800 | 15800 |
| Web Hosting | Equipment | 1 | 18000 | 18000 |
| Total (in Rs) | | | | 33800 |
If you need this project, please contact me on contact@adikhanofficial.com