Server-Side Attacks
| Test Name | API ID | Description | Detectable Vulnerabilities |
|---|---|---|---|
| AWS S3 Takeover | amazon_s3_takeover | Tests for S3 buckets that no longer exist to prevent data breaches and malware distribution | Amazon AWS S3 bucket takeover |
| Broken JWT Authentication | jwt | Tests for secure implementation of JSON Web Token (JWT) in the application | Broken JWT Authentication |
| Broken Object Property Authorization | bopla | Tests if the application properly enforces access controls on individual properties of an object | Broken Object Property Authorization |
| Broken SAML Authentication | broken_saml_auth | Tests for secure implementation of SAML authentication in the application | Broken SAML Authentication |
| Brute Force Login | brute_force_login | Tests for the availability of commonly used credentials | Brute Force Login |
| Common Files | common_files | Tests if common files that should not be accessible are accessible | Exposed Common File |
| Cookie Security | cookie_security | Tests if the application uses and implements cookies with secure attributes | Missing 'httponly' Flag in CookieMissing 'secure' Flag in CookiePredictable Cookie Value |
| Cross Site Request Forgery (CSRF) | csrf | Tests application forms for vulnerable cross-site filling and submitting | Cross-Site Request Forgery (CSRF) |
| CVE scanning | cve_test | Tests for known third-party common vulnerability exposures | Common Vulnerability Exposure |
| Directory Listing | directory_listing | Tests if server-side directory listing is possible | Directory Listing |
| Email Injection | email_injection | Tests if it is possible to send emails to other addresses through the target application mailing server, which can lead to spam and phishing | Email Header Injection |
| File Upload | file_upload | Tests if file upload mechanisms are validated properly and denies upload of malicious content | Unrestricted File Upload |
| Full Path Disclosure (FPD) | full_path_disclosure | Tests if various application parameters are vulnerable to the exposure of errors that include full webroot path | Full Path Disclosure |
| Headers Security Check | header_security | Tests for proper Security Headers configuration | Misconfigured Security Headers |
| HTTP Method Fuzzer | http_method_fuzzing | Tests enumeration of possible HTTP methods for vulnerabilities | Insecure HTTP Method |
| iFrame Injection | iframe_injection | Tests for frame injection attacks evaluate the embedding of deceptive elements on legitimate websites, tricking users into unintended interactions that lead to unauthorized actions, data theft, or malicious activities. | iFrame Injection |
| Insecure TLS Configuration | insecure_tls_configuration | Tests SSL/TLS ciphers and configurations for vulnerabilities | Insecure TLS Configuration |
| Local File Inclusion (LFI) | lfi | Tests if various application parameters are vulnerable to loading of unauthorized local system resources | Local File Inclusion (LFI) |
| MongoDB Injection | nosql | Tests if an attacker is able to inject malicious input into a NoSQL database query | MongoDB Injection (NoSQLI injection) |
| Open Cloud Storage | open_cloud_storage | Contains Open Buckets, Azure Blob Storage, and Amazon S3 Bucket Takeover tests | Open Cloud Storage |
| Open DataBase | open_database | Tests if exposed database connection strings are open to public connections | Exposed Database AccessExposed Database Connection String |
| OS Command Injection | osi | Tests if various application parameters are vulnerable to Operation System (OS) command injection | OS Command Injection |
| Remote File Inclusion (RFI) | rfi | Tests if various application parameters are vulnerable to loading of unauthorized remote system resources | Remote File Inclusion (RFI) |
| Secret Tokens | secret_tokens | Tests for exposure of secret API tokens or keys in the target application | Secret Tokens Leak |
| Server Side Template Injection (SSTI) | ssti | Tests if various application parameters are vulnerable to server-side code execution | Server Side Template Injection (SSTI) |
| Server-Side JavaScript Injection | server_side_js_injection | Test if the application incorrectly evaluates user-controllable data as code on the server side. | |
| Server-Side Request Forgery (SSRF) | ssrf | Tests if various application parameters are vulnerable to internal resource access | Server Side Request Forgery (SSRF) |
| SQL Injection (SQLI) | sqli | SQL Injection tests vulnerable parameters for SQL database access | Database Error Message DisclosureSQL Injection |
| Version Control System | version_control_systems | Tests if it is possible to access Version Control System (VCS) resources | Version Control System Exposure |
| WordPress Scan | wordpress | Tests for known vulnerabilities related to the WordPress platform | WordPress Component with Known Vulnerabilities |
| XML External Entity (XXE) | xxe | Tests if various XML parameters are vulnerable to XML parsing of unauthorized external entities | XML External Entity (XXE) |
| XPath Injection | xpathi | Tests if unvalidated user input in XPath expressions can be exploited to manipulate queries, potentially leading to unauthorized access or unintended actions | XPath Injection |
Updated 10 months ago