Skip to content
/ scanner-tests Public

A messy collection of PHP files for testing Web vulnerability scanners.

7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cweb/scanner-tests

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Check.Pasv.Asp.Net.ViewState.Mac.php
Check.Pasv.Asp.Net.ViewState.Mac.php
 
 
Check.Pasv.Charset.Mismatch.php
Check.Pasv.Charset.Mismatch.php
 
 
Check.Pasv.Charset.Utf8.php
Check.Pasv.Charset.Utf8.php
 
 
Check.Pasv.Charset.Utf8.xml
Check.Pasv.Charset.Utf8.xml
 
 
Check.Pasv.Cookie.HttpOnly.php
Check.Pasv.Cookie.HttpOnly.php
 
 
Check.Pasv.Cookie.LooselyScoped.php
Check.Pasv.Cookie.LooselyScoped.php
 
 
Check.Pasv.Cookie.Secure.php
Check.Pasv.Cookie.Secure.php
 
 
Check.Pasv.CrossDomain.FormSubmit.php
Check.Pasv.CrossDomain.FormSubmit.php
 
 
Check.Pasv.CrossDomain.JavascriptReference.php
Check.Pasv.CrossDomain.JavascriptReference.php
 
 
Check.Pasv.CrossDomain.ScriptReference.php
Check.Pasv.CrossDomain.ScriptReference.php
 
 
Check.Pasv.CrossDomain.StyleSheetInclusion.php
Check.Pasv.CrossDomain.StyleSheetInclusion.php
 
 
Check.Pasv.Flash.AllowScriptAccess.php
Check.Pasv.Flash.AllowScriptAccess.php
 
 
Check.Pasv.Flash.CrossDomain.php
Check.Pasv.Flash.CrossDomain.php
 
 
Check.Pasv.Header.CacheControl.php
Check.Pasv.Header.CacheControl.php
 
 
Check.Pasv.Header.ContentTypeMissing.php
Check.Pasv.Header.ContentTypeMissing.php
 
 
Check.Pasv.Header.FrameOptions.php
Check.Pasv.Header.FrameOptions.php
 
 
Check.Pasv.Header.IeXssProtection.php
Check.Pasv.Header.IeXssProtection.php
 
 
Check.Pasv.Header.InternalIp.php
Check.Pasv.Header.InternalIp.php
 
 
Check.Pasv.Header.MimeSniff.php
Check.Pasv.Header.MimeSniff.php
 
 
Check.Pasv.Header.WeakAuth.php
Check.Pasv.Header.WeakAuth.php
 
 
Check.Pasv.InformationDisclosure.Comments.php
Check.Pasv.InformationDisclosure.Comments.php
 
 
Check.Pasv.InformationDisclosure.DatabaseErrors.php
Check.Pasv.InformationDisclosure.DatabaseErrors.php
 
 
Check.Pasv.InformationDisclosure.DebugErrors.php
Check.Pasv.InformationDisclosure.DebugErrors.php
 
 
Check.Pasv.InformationDisclosure.InUrl.php
Check.Pasv.InformationDisclosure.InUrl.php
 
 
Check.Pasv.InformationDisclosure.ReferrerLeak.php
Check.Pasv.InformationDisclosure.ReferrerLeak.php
 
 
Check.Pasv.Java.ViewState.Uncompressed.php
Check.Pasv.Java.ViewState.Uncompressed.php
 
 
Check.Pasv.Java.ViewState.php
Check.Pasv.Java.ViewState.php
 
 
Check.Pasv.Javascript.DomainLowering.php
Check.Pasv.Javascript.DomainLowering.php
 
 
Check.Pasv.Javascript.Eval.php
Check.Pasv.Javascript.Eval.php
 
 
Check.Pasv.SSL.CertValidation.php
Check.Pasv.SSL.CertValidation.php
 
 
Check.Pasv.SSL.InsecureFormLoad.php
Check.Pasv.SSL.InsecureFormLoad.php
 
 
Check.Pasv.SSL.InsecureFormPost.php
Check.Pasv.SSL.InsecureFormPost.php
 
 
Check.Pasv.SSL.StrictTransportSecurity.php
Check.Pasv.SSL.StrictTransportSecurity.php
 
 
Check.Pasv.SSL.Version.php
Check.Pasv.SSL.Version.php
 
 
Check.Pasv.SharePoint.DocLib.php
Check.Pasv.SharePoint.DocLib.php
 
 
Check.Pasv.Silverlight.ClientAccessPolicy.php
Check.Pasv.Silverlight.ClientAccessPolicy.php
 
 
Check.Pasv.Silverlight.EnableHtmlAccess.php
Check.Pasv.Silverlight.EnableHtmlAccess.php
 
 
Check.Pasv.Unicode.InvalidUTF8.php
Check.Pasv.Unicode.InvalidUTF8.php
 
 
Check.Pasv.UserControlled.Charset.php
Check.Pasv.UserControlled.Charset.php
 
 
Check.Pasv.UserControlled.Cookie.php
Check.Pasv.UserControlled.Cookie.php
 
 
Check.Pasv.UserControlled.HtmlAttributes.php
Check.Pasv.UserControlled.HtmlAttributes.php
 
 
Check.Pasv.UserControlled.JavascriptEvent.php
Check.Pasv.UserControlled.JavascriptEvent.php
 
 
Check.Pasv.UserControlled.JavascriptProperty.php
Check.Pasv.UserControlled.JavascriptProperty.php
 
 
Check.Pasv.UserControlled.OpenRedirect.php
Check.Pasv.UserControlled.OpenRedirect.php
 
 
CheckPasvCrossDomain.css
CheckPasvCrossDomain.css
 
 
CheckPasvCrossDomain.js
CheckPasvCrossDomain.js
 
 
CheckPasvInformationDisclosure.js
CheckPasvInformationDisclosure.js
 
 
CheckPasvJavascript.js
CheckPasvJavascript.js
 
 
CheckPasvUnicodeTransformations.php
CheckPasvUnicodeTransformations.php
 
 
CheckPasvUserControlled.js
CheckPasvUserControlled.js
 
 
CheckPasvUserControlled.php
CheckPasvUserControlled.php
 
 
CheckPasvUserControlledCharset.xml
CheckPasvUserControlledCharset.xml
 
 
README.mediawiki
README.mediawiki
 
 
clientaccesspolicy.xml
clientaccesspolicy.xml
 
 
crossdomain.xml
crossdomain.xml
 
 
index.php
index.php
 
 

Repository files navigation

Web Scanner Security Tests

These files make up a collection of very cheap and messy PHP scripts meant to look like a vulnerable Web application. They were originally created to help with quick functional testing of the Watcher Web security tool set of rules. Each file in turn represents one test for one Watcher check. By loading the index.html file you will be presented with a list of all tests hyperlinked for quick loading.

WARNING - INSECURE PHP SCRIPTS

As if you couldn't tell by now, these PHP files are meant to mimic a vulnerable Web application. Of course they're very shallow, and nothing even close to a proper vulnerable Web application meant for real testing. Some of those that come to mind are DVWA, bodgeit, and well a whole bunch of others listed here.

About

A messy collection of PHP files for testing Web vulnerability scanners.

Resources

Readme
Activity

Stars

7 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages