Abstract:
About 200 million websites are active at present. Billions of people use web applications to transfer information and money and to communicate with each other. Web applications are made by humans, so many kinds of vulnerabilities may exist. The main reason for these weaknesses is the failure to choose proper programming languages. Many web application attacks exist today, such as SQL injection, buffer overflow, security misconfiguration, and cross-site scripting. The security of web applications is therefore a great concern at present, and developers are very interested to know about any kind of attack. In this project, we have created a tool to find different types of web application vulnerabilities in particular websites. This ‘D-tect’ tool will check eight dangerous and critical web application attacks: WordPress username enumerator, sensitive file detector, sub-domain scanner, port scanner, WordPress scanner, cross-site scripting (XSS), WordPress backup grabber, and SQL injection. The tool will show the host address, IP address, header information, vulnerable scopes, and server of the web application. It will also detect WordPress since, as mentioned, some vulnerabilities may arise from using WordPress. The tool will check 1904 ports to find the vulnerable ones. Sub-domains may have a vulnerable DNS resolver that may help an attacker exploit a system, so they will also be scanned by the tool. The WordPress backup system will also be analyzed to determine whether it is vulnerable. The tool will thus check particular ports and try to inject different types of attacks, and then display the corresponding results. The tool is written in Python, using various Python modules and functions. The program can be run until the user wants to stop scanning.
Description:
This thesis was submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Information and Communication Engineering of East West University, Dhaka, Bangladesh.