Skip to content

Commit

Permalink
added web cache deception to readme
Browse files Browse the repository at this point in the history
  • Loading branch information
m10x committed Feb 9, 2024
1 parent 8a52b8b commit 3c237c0
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@
[![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/Hackmanit/Web-Cache-Vulnerability-Scanner)](https://golang.org/)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)

Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for [web cache poisoning](#background-information) developed by [Hackmanit](https://hackmanit.de) and [Maximilian Hildebrand](https://www.github.com/m10x).
Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for [web cache poisoning](#background-information) and web cache deception developed by [Hackmanit](https://hackmanit.de) and [Maximilian Hildebrand](https://www.github.com/m10x).

The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test,
The scanner supports many different web cache poisoning and web cache deception techniques, includes a crawler to identify further URLs to test,
and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines.

- [Features](#features)
Expand Down Expand Up @@ -38,6 +38,10 @@ and can adapt to a specific web cache for more efficient testing. It is highly c
7. HTTP header oversize (HHO)
8. HTTP meta character (HMC)
9. HTTP method override (HMO)
- Support for 3 web cache deception techniques:
1. Path Parameter
2. Path Traversal
3. Appended Newline, Null Byte, Semicolon, Pound, Question Mark or Ampersand
- Analyzing a web cache before testing and adapting to it for more efficient testing
- Generating a report in JSON format
- Crawling websites for further URLs to scan
Expand Down Expand Up @@ -86,7 +90,7 @@ version 1.0.0
# Usage
WCVS is highly customizable using its flags. Many of the flags can either contain a value directly or the path to a file.

The only mandatory flag is `-u/--url` to provide the target URL which should be tested for web cache poisoning. The target URL can be provided in different formats,
The only mandatory flag is `-u/--url` to provide the target URL which should be tested for web cache poisoning/deception. The target URL can be provided in different formats,

WCVS needs two wordlists in order to test for the first 5 techniques - one wordlist with header names and one with parameter names. The wordlists can either be present in the same directory WCVS is executed from or specified using the `--headerwordlist/-hw` and `--parameterwordlist/-pw` flags.

Expand Down

0 comments on commit 3c237c0

Please sign in to comment.