
Find the ShellShock Bug and Application Errors Faster

SmartScanner version 1.6.0 is now smarter with new features, including testing for the ShellShock bug, fuzzing parameter names, finding application errors, and more.

The ShellShock Attack

You can test any website for the ShellShock bug (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, and CVE-2014-6278) using SmartScanner version 1.6.0. Shellshock, also known as Bashdoor, is a bug in the Unix Bash shell that allows an attacker to execute arbitrary commands and gain unauthorized access using Bash.

Enhanced Application Error Detection

SmartScanner now identifies and differentiates generic application errors and specific technology errors like PHP or .NET errors. All technology errors are now reported as Detailed Application Error and Detailed Application and Database Error.

The enhanced fuzzing described below also helps to find application errors.

Fuzzing Parameter Names

In the previous version, the Fuzzer was added to SmartScanner to identify errors like buffer overflows. Now the Fuzzer can also manipulate parameter names to identify more application errors. It can change query parameter names, cookie names, and HTTP POST parameter names to check for exceptions in web applications.

Smart Ineffective Parameter Detection

Some parameters in an HTTP request are used neither on the server side nor on the client side. We call such parameters ineffective. For example, it is common to add a version number as a query string to resource URLs to bypass the browser cache. Testing these parameters is useless, so we've implemented a new AI model to identify such parameters and prevent SmartScanner from testing them. This increases the speed and efficiency of the vulnerability scan.
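To make the idea of an ineffective parameter concrete, here is an added example that is not SmartScanner code and does not reproduce its AI model: a simple rule-based stand-in that flags cache-busting parameters on static resources. The extension list, parameter names, value patterns, and sample URLs are all assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics (NOT SmartScanner's AI model): static-resource extensions,
# common cache-buster names, and value shapes (version, hash, timestamp).
STATIC_EXT = (".js", ".css", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico", ".woff", ".woff2")
BUSTER_NAMES = {"v", "ver", "version", "rev", "cb", "t", "ts", "_", "hash", "build"}
VALUE_SHAPES = (
    re.compile(r"^v?\d+(\.\d+){1,3}$"),     # 1.6.0, v2.1
    re.compile(r"^[0-9a-f]{7,64}$", re.I),  # content hash
    re.compile(r"^\d{10}(\d{3})?$"),        # Unix timestamp (s or ms)
)

def ineffective_params(url):
    """Return names of query parameters that look like cache busters."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(STATIC_EXT):
        return []  # dynamic endpoint: every parameter stays in scope
    skipped = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        named = name.lower() in BUSTER_NAMES
        shaped = any(p.match(value) for p in VALUE_SHAPES)
        # Require both signals: wrongly skipping a live parameter hides a finding.
        if named and shaped:
            skipped.append(name)
    return skipped

def scan_plan(urls):
    """Map each URL to (parameters to test, parameters to skip)."""
    plan = {}
    for url in urls:
        skip = ineffective_params(url)
        names = [n for n, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
        plan[url] = ([n for n in names if n not in skip], skip)
    return plan

# Constructed sample URLs for illustration only.
SAMPLE_URLS = [
    "https://example.test/static/app.js?v=1.6.0",
    "https://example.test/css/site.css?ver=3f9a2c1d&theme=dark",
    "https://example.test/search.php?v=1.6.0&q=shoes",
    "https://example.test/img/logo.png?id=42",
]

if __name__ == "__main__":
    for url, (test, skip) in scan_plan(SAMPLE_URLS).items():
        print(f"{url}\n  test: {test}\n  skip: {skip}")
```

The rules are deliberately conservative: a parameter on a dynamic endpoint, or one that matches only the name or only the value shape, stays in the test set, because skipping a parameter the server actually reads would leave it unscanned.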

To get started, download SmartScanner and test the security of your website for free.

Check out the change log for more details on new things in version 1.4.0.
