OWASP VBScan – A Black Box VBulletin Vulnerability Scanner

Last Updated : 29 Jan, 2024

OWASP VBScan is an open-source tool for testing VBulletin forum software for security vulnerabilities. It works as an automated black box vulnerability scanner. This means it tests VBulletin installations from the outside without access to source code or system files. It sends multiple HTTP requests to detect known vulnerabilities and misconfigurations. The issues it identifies include SQL injection, cross-site scripting, and information disclosure among others. It summarizes potential security risks in the VBulletin setup along with remediation guidance.

Features of OWASP VBScan Tool:

  1. Scanning for Known Vulnerabilities: VBScan scans web applications for known vulnerabilities, including common security issues such as SQL injection, cross-site scripting (XSS), and others.
  2. Fingerprinting Technology: The tool uses fingerprinting techniques to identify the underlying technologies and components of a web application, aiding in the discovery of potential vulnerabilities associated with specific platforms.
  3. Multiple Scan Modules: VBScan incorporates multiple scan modules that focus on different aspects of web application security. These modules help in detecting various types of vulnerabilities, providing a comprehensive assessment.
  4. Dynamic URL Analysis: The tool dynamically analyzes URLs and parameters, attempting to identify potential security weaknesses in the web application’s structure.

Prerequisites

How to install OWASP VBScan on Kali Linux?

In this section, we will see the detailed step-by-step process of installing OWASP VBScan on the Kali Linux Operating System. Follow the steps in order, running each command as shown.

Step 1: To install the tool on your Kali Linux operating system, open a terminal window and type the following command.

git clone https://github.com/OWASP/vbscan.git

Cloning the OWASP VBscan on Desktop

Step 2: Now change into the cloned vbscan directory; the tool has to be run from inside it.

Moving into the vbscan directory

Step 3: You are now in the OWASP VBscan directory. Give the “vbscan.pl” file execute permission with the following command.

chmod +x vbscan.pl

After running chmod +x, you can execute vbscan.pl directly to scan a VBulletin installation for security issues.

Giving the Executable Permission to the “vbscan.pl”
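The three install steps above, gathered into one POSIX shell helper that can be re-run safely and checks what each step depends on. This is an added example, not a script from the OWASP VBScan project; it assumes git and perl are on PATH, and the variable VBSCAN_DIR and the file name install_vbscan.sh are names chosen here.

```shell
#!/bin/sh
# Added example, not a script from the OWASP VBScan project: the three
# install steps above as idempotent functions with the checks a practitioner
# would want. Assumes git and perl are on PATH; VBSCAN_DIR (a name chosen
# here) is the directory the clone should live in.

VBSCAN_REPO="https://github.com/OWASP/vbscan.git"

# Return 0 only when every tool the steps depend on is available.
check_prereqs() {
    for tool in git perl; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
    done
    return 0
}

# Step 1: clone, but only when the directory does not already hold a
# checkout, so re-running the script never touches the network needlessly.
clone_vbscan() {
    dir="$1"
    if [ -f "$dir/vbscan.pl" ]; then
        echo "already present: $dir/vbscan.pl"
        return 0
    fi
    git clone "$VBSCAN_REPO" "$dir"
}

# Step 3: set the execute bit and verify it actually took effect, so a wrong
# path or a failed chmod is reported here rather than later as a confusing
# "permission denied" when the scanner is started.
make_executable() {
    script="$1/vbscan.pl"
    [ -f "$script" ] || { echo "not found: $script" >&2; return 1; }
    chmod +x "$script" || return 1
    [ -x "$script" ] || { echo "execute bit not set on $script" >&2; return 1; }
    return 0
}

# Steps 1 and 3 in order; Step 2 (cd into the checkout) is left to the caller,
# since the scanner has to be started from inside that directory.
install_vbscan() {
    dir="${1:-./vbscan}"
    check_prereqs && clone_vbscan "$dir" && make_executable "$dir" \
        && echo "ready: cd $dir && ./vbscan.pl <Target_Website>"
}

# Run the install only when executed as install_vbscan.sh; sourcing the file
# just defines the functions.
if [ "${0##*/}" = "install_vbscan.sh" ]; then
    install_vbscan "${VBSCAN_DIR:-./vbscan}"
fi
```

Run it as `sh install_vbscan.sh`, or `VBSCAN_DIR=~/Desktop/vbscan sh install_vbscan.sh` to match the Desktop location used in the screenshots. Running it a second time on an existing checkout skips the clone, and a missing vbscan.pl or a chmod that did not take effect fails the script immediately instead of surfacing later as a permission error when you try to start the scanner.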

Usage of OWASP VBScan on Kali Linux

In this section, we will see the practical usage of the OWASP VBScan tool on Kali Linux with a worked example.

Step 1: Launch the Tool

Once you have successfully installed VBScan, you can launch it in interactive mode, where it prompts you for the options that customize the scan. Use the following command:

perl vbscan.pl

Interface of OWASP VBscan Tool

Step 2: Vulnerability Scanning

In this step, we scan the domain geeksforgeeks.org for vulnerabilities. Pass the target as the argument:

./vbscan.pl <Target_Website>

This starts a vulnerability scan of the live web application running on geeksforgeeks.org using OWASP VBscan.

Entering Target Website

Once the scan starts, a prompt asks whether you want to continue. Type “y” to proceed; this prompt lets you decide whether to extend the scan to additional pages of the website or stop the current scan.

Prompt of Do you want to Continue type “Y”

Upon completion of the task, you will see the following message displayed.

Scan is Complete

The scan report contains a full description and debugging information for every issue, so your development team can reproduce and fix each one.

Step 3: Locating the Report

Once the scan completes, the report is saved inside the vbscan folder. Open a file explorer window, navigate to the Desktop, and then into the vbscan installation directory.

Opening vbscan directory

Inside this directory, you should find a “reports” folder. Double-click to open it.

Opening reports directory

Within the “reports” folder, you will find a folder named after your target.

Opening target directory

Within the “geeksforgeeks.org” folder, you will find files such as “geeksforgeeks.orgReport.html”.

Opening html file

Open the HTML report in your preferred web browser, such as Firefox or Chrome. The browser will render the report, allowing you to interactively review the vulnerabilities found.

Results in GUI Interface

Conclusion

In conclusion, OWASP VBScan is a free vulnerability scanner that tests VBulletin forums and websites for security weaknesses. It works externally, without internal access, by sending requests that check for known vulnerabilities. It identifies issues such as SQL injection in the VBulletin setup so they can be fixed, summarizes the risks, and guides remediation. It is an automated tool for website owners to scan their own VBulletin sites and harden them. For beginners, VBScan is a straightforward way to find and address vulnerabilities in the VBulletin software powering forums and communities.

