cyberdynesecurity/smartsecurityscan

Smart Security Scan PHP library for API communication

Smart Security Scan PHP library (>= PHP 5.6)

, _(*1)

Smart Security Scan is an online pen-test / security scan platform with customizable scan packages and white-labeling. You can create your own scan packages or use the already implemented packages., _(*2)

You can integrate our scan platform into your business application by using our API. Make sure you request an API access token., _(*3)

Scan areas

• SSL Test
• TCP/UDP Open ports
• TCP/UDP Running services
• TCP/UDP Service vulnerabilities
• Malware scan
• Information disclosure
• Server misconfiguration
• PHPInfo() Pages Accessible and PHPInfo() Disclosure in other Pages
• CVS, GIT and SVN Information and Source Code Disclosure
• XSS Protection Disabled
• Apache Server-Status and Apache Server-Info pages Accessible
• TRACE / TRACK Method Support Enabled
• Sensitive Files Accessible
• E-mail Address Disclosure
• Directory Listing
• Version Disclosure
• Internal Path Disclosure
• Database Error Message Disclosure
• Application Source Code Disclosure
• Web application vulnerability
• Application security
• Network security
• Network scan
• Server configuration
• Shodan
• OWASP / OWASP top 10

Techniques

• SQL Injection
• XSS (Cross-site Scripting)
• DOM XSS
• Command Injection
• Blind Command Injection
• LFI (Local File Inclusion) & Arbitrary File Reading
• Remote File Inclusion
• Remote Code Injection / Evaluation
• CRLF / HTTP Header Injection / Response Splitting
• Open Redirection
• Frame Injection
• Database User has Admin Privileges
• Vulnerability Database (Inferred vulnerabilities)
• ASP.NET ViewState Vulnerabilities
• ViewState is not Signed
• ViewState is not Encrypted
• Hidden Resources Accessible
• Crossdomain.xml File Vulnerable
• Robots.txt File Vulnerable
• Google Sitemap Vulnerable
• Silverlight Client Access Policy File Vulnerable
• Insecure Authentication Scheme Used Over HTTP
• Password Transmitted over HTTP
• Authentication Obtained by Brute Forcing
• Basic Authentication Obtained over HTTP
• Weak Credentials
• Access Denied Resources
• Cookies are not Marked as Secure
• Cookies are not Marked as HTTPOnly
• OWASP / OWASP top 10

Information gathering

• Network Security, _(*4)

• Web Application Security, _(*5)

• Security scan, _(*6)

• Vulnerability scan, _(*7)

• Penetration Testing, _(*8)

• SSL Test, _(*9)

Scan multiple targets with different settings and pay automatically with your credits. You can buy 1 or multiple credit packs., _(*10)

Combine multiple scan commands to create your own package. Schedule your pentest on a montly or even daily basis., _(*11)

Receive your scan report per mail or download the PDF version from your dashboard., _(*12)