Repository files navigation

Web Scanner Security Tests

These files make up a collection of very cheap and messy PHP scripts meant to look like a vulnerable Web application. They were originally created to help with quick functional testing of the Watcher Web security tool set of rules. Each file in turn represents one test for one Watcher check. By loading the index.html file you will be presented with a list of all tests hyperlinked for quick loading.

WARNING - INSECURE PHP SCRIPTS

As if you couldn't tell by now, these PHP files are meant to mimic a vulnerable Web application. Of course they're very shallow, and nothing even close to a proper vulnerable Web application meant for real testing. Some of those that come to mind are DVWA, bodgeit, and well a whole bunch of others listed here.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
Check.Pasv.Asp.Net.ViewState.Mac.php		Check.Pasv.Asp.Net.ViewState.Mac.php
Check.Pasv.Charset.Mismatch.php		Check.Pasv.Charset.Mismatch.php
Check.Pasv.Charset.Utf8.php		Check.Pasv.Charset.Utf8.php
Check.Pasv.Charset.Utf8.xml		Check.Pasv.Charset.Utf8.xml
Check.Pasv.Cookie.HttpOnly.php		Check.Pasv.Cookie.HttpOnly.php
Check.Pasv.Cookie.LooselyScoped.php		Check.Pasv.Cookie.LooselyScoped.php
Check.Pasv.Cookie.Secure.php		Check.Pasv.Cookie.Secure.php
Check.Pasv.CrossDomain.FormSubmit.php		Check.Pasv.CrossDomain.FormSubmit.php
Check.Pasv.CrossDomain.JavascriptReference.php		Check.Pasv.CrossDomain.JavascriptReference.php
Check.Pasv.CrossDomain.ScriptReference.php		Check.Pasv.CrossDomain.ScriptReference.php
Check.Pasv.CrossDomain.StyleSheetInclusion.php		Check.Pasv.CrossDomain.StyleSheetInclusion.php
Check.Pasv.Flash.AllowScriptAccess.php		Check.Pasv.Flash.AllowScriptAccess.php
Check.Pasv.Flash.CrossDomain.php		Check.Pasv.Flash.CrossDomain.php
Check.Pasv.Header.CacheControl.php		Check.Pasv.Header.CacheControl.php
Check.Pasv.Header.ContentTypeMissing.php		Check.Pasv.Header.ContentTypeMissing.php
Check.Pasv.Header.FrameOptions.php		Check.Pasv.Header.FrameOptions.php
Check.Pasv.Header.IeXssProtection.php		Check.Pasv.Header.IeXssProtection.php
Check.Pasv.Header.InternalIp.php		Check.Pasv.Header.InternalIp.php
Check.Pasv.Header.MimeSniff.php		Check.Pasv.Header.MimeSniff.php
Check.Pasv.Header.WeakAuth.php		Check.Pasv.Header.WeakAuth.php
Check.Pasv.InformationDisclosure.Comments.php		Check.Pasv.InformationDisclosure.Comments.php
Check.Pasv.InformationDisclosure.DatabaseErrors.php		Check.Pasv.InformationDisclosure.DatabaseErrors.php
Check.Pasv.InformationDisclosure.DebugErrors.php		Check.Pasv.InformationDisclosure.DebugErrors.php
Check.Pasv.InformationDisclosure.InUrl.php		Check.Pasv.InformationDisclosure.InUrl.php
Check.Pasv.InformationDisclosure.ReferrerLeak.php		Check.Pasv.InformationDisclosure.ReferrerLeak.php
Check.Pasv.Java.ViewState.Uncompressed.php		Check.Pasv.Java.ViewState.Uncompressed.php
Check.Pasv.Java.ViewState.php		Check.Pasv.Java.ViewState.php
Check.Pasv.Javascript.DomainLowering.php		Check.Pasv.Javascript.DomainLowering.php
Check.Pasv.Javascript.Eval.php		Check.Pasv.Javascript.Eval.php
Check.Pasv.SSL.CertValidation.php		Check.Pasv.SSL.CertValidation.php
Check.Pasv.SSL.InsecureFormLoad.php		Check.Pasv.SSL.InsecureFormLoad.php
Check.Pasv.SSL.InsecureFormPost.php		Check.Pasv.SSL.InsecureFormPost.php
Check.Pasv.SSL.StrictTransportSecurity.php		Check.Pasv.SSL.StrictTransportSecurity.php
Check.Pasv.SSL.Version.php		Check.Pasv.SSL.Version.php
Check.Pasv.SharePoint.DocLib.php		Check.Pasv.SharePoint.DocLib.php
Check.Pasv.Silverlight.ClientAccessPolicy.php		Check.Pasv.Silverlight.ClientAccessPolicy.php
Check.Pasv.Silverlight.EnableHtmlAccess.php		Check.Pasv.Silverlight.EnableHtmlAccess.php
Check.Pasv.Unicode.InvalidUTF8.php		Check.Pasv.Unicode.InvalidUTF8.php
Check.Pasv.UserControlled.Charset.php		Check.Pasv.UserControlled.Charset.php
Check.Pasv.UserControlled.Cookie.php		Check.Pasv.UserControlled.Cookie.php
Check.Pasv.UserControlled.HtmlAttributes.php		Check.Pasv.UserControlled.HtmlAttributes.php
Check.Pasv.UserControlled.JavascriptEvent.php		Check.Pasv.UserControlled.JavascriptEvent.php
Check.Pasv.UserControlled.JavascriptProperty.php		Check.Pasv.UserControlled.JavascriptProperty.php
Check.Pasv.UserControlled.OpenRedirect.php		Check.Pasv.UserControlled.OpenRedirect.php
CheckPasvCrossDomain.css		CheckPasvCrossDomain.css
CheckPasvCrossDomain.js		CheckPasvCrossDomain.js
CheckPasvInformationDisclosure.js		CheckPasvInformationDisclosure.js
CheckPasvJavascript.js		CheckPasvJavascript.js
CheckPasvUnicodeTransformations.php		CheckPasvUnicodeTransformations.php
CheckPasvUserControlled.js		CheckPasvUserControlled.js
CheckPasvUserControlled.php		CheckPasvUserControlled.php
CheckPasvUserControlledCharset.xml		CheckPasvUserControlledCharset.xml
README.mediawiki		README.mediawiki
clientaccesspolicy.xml		clientaccesspolicy.xml
crossdomain.xml		crossdomain.xml
index.php		index.php

cweb/scanner-tests

Folders and files

Latest commit

History

Repository files navigation

Web Scanner Security Tests

About

Resources

Stars

Watchers

Forks

Languages