Taipan网站漏洞扫描器-Web Application Security Scanner

Taipan网站漏洞扫描器

Taipan网站漏洞扫描器

Taipan是一个自动化的Web应用扫描器可以识别在自动方式的Web漏洞。这个项目是一个更广泛的项目,包括其他组件的核心引擎,如Web控制台,你可以管理你的扫描或下载一个PDF格式的报告和扫描仪代理运行在特定的主机。下面是一些截图

Taipan – Web Application Security Scanner

Taipan网站漏洞扫描器

ReleaseBuild

Taipanis a an automated web application scanner which allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which include other components, like a web dashboard where you can manage your scan or download a PDF report and a scanner agent to run on specific host. Below are some screenshots of theTaipandashboard:

Taipan网站漏洞扫描器 Taipan网站漏洞扫描器 Taipan网站漏洞扫描器
Taipan网站漏洞扫描器 Taipan网站漏洞扫描器 Taipan网站漏洞扫描器

If you are interested in trying the full product, you can contact me at: aparata[AT]gmail.com

Release Download Taipan网站漏洞扫描器

Build Release Download

If you want to try the dev version of Taipan without to wait for an official release, you can download the build version. This version is built every time that a commit is done and the build process is not broken.

You can download it from theArtifacts Directory.

Using Taipan  Taipan网站漏洞扫描器

Taipancan run on both Windows (natively) and Linux (with mono). To run it in Linux you have to installmono in version >= 4.8.0. You can track the implementation of the new features in the relatedKanban board.

Scan Profile

Taipanallow to scan the given web site by specify different kind of profiles. Each profile enable or disable a specific scan feature, to show all the available profile just runTaipanwith the--show-profiles_option.

Pause/Stop/Resume a scan

During a scan you can interact with it by set the scan in Pause or Stop it if necessary. In order to do so you have to press:

  • P: pause the scan
  • S: stop the scan
  • R: resume a paused scan

The change is not immediate and you have to wait until all threads have reached the desider state.

Launch a Full scan

To launch a new scan you have to provide theurland theprofilewhich must be used. It is not necessary to specify the full profile name, a prefix is enough.

Taipan.exe -p Full -u http://127.0.0.1/

Below an example of execution:

Taipan网站漏洞扫描器

Build Taipan

Taipanis currently developed with using VisualStudio 2017 Community Edition and usespaketas packet manager. To build the source code you have to:

  • clone the repository
  • runpaket.exe install
  • open the solution in VisualStudio and compile it

Taipan Components

Taipanis composed of four main components:

Web Application fingerprinter

it inspects the given application in order to identify if it is a COTS application. If so, it extracts the identified version. This components is very important since it allows to identify vulnerable web applications.

Hidden Resource Discovery

this component scans the application in order to identify resources that are not directly navigable or that shouldn’t be accessed, like secret pages or test pages.

Crawler

This component navigates the web site in order to provide to the other components a list of pages to analyze. It allows to mutate the request in order to find not so common pathes.

Vulnerability Scanner

this component probes the web application and tries to identify possible vulnerabilities. It is composed of various AddOn in order to easily expand its Knowledge Base. It is also in charge for the identification of know vulnerabilities which are defined by the user.

Versioning  Taipan网站漏洞扫描器

We useSemVerfor versioning. For the versions available, see thetags on this repository.

Authors

  • Antonio ParataCore Developers4tan
  • Andrea GulinoFront End Developerandreagulino

See also the list ofcontributorswho participated in this project.

License

Taipan is licensed under theMIT license.