V O O K I

Penetration Testing

Steps to perform Penetration Testing

Initial Steps

Initial steps to start the scan are as

  • Choose the Penetration Testing from the left navigation bar.
  • Enter the URL which you want to scan.
  • Select the browser as per your preference from the list.
  • You can also choose the Any Browser(Manual Configuration) to connect the browser with manual configuration. Choosing this option will not open any browser. It will only open the proxy port.
  • Enter the PORT and click on Launch
  • After the browser is launched, crawl all the pages of the website and interact with all input of the pages.

Intercepting

To intercept the request follow these steps

  • Go to intercept tab and turn ON the intecept.
  • Now you will start intercepting the request.
  • Here you can edit the request and to send it to server click on Send to Server.
  • To drop te request click on the Drop
  • To get the response and edit it before displaying to front end click on Break on Response
  • To use the request later for testing send it to compose by clicking on Send to Compose

Compose

To use the compose feature follow these steps

  • You can add the request in compose by intercepting the request and sending it by clicking on Send to Compose
  • You can also add the request to compose from the history table by right clicking the request and send to compose
  • Click on the compose tab to view all the available request.
  • From here you can edit the request and use it as per your need.

Scanning

To start the scan follow these steps

  • After the crawling of pages is done, right click on the left tree node (on your host) and click Scan.
  • On the click of scan you will get 3 pop up, provde input in all of them.

You will get these 4 pop up to provide details

  1. Scan Configuration
  2. Crawler
  3. Authentication
  4. CSRF Token Generation

    5. Scan Configuration: Concurrent Request to send the number of parallel request, Web Crawler Timeout lets you set timeout for the crawling request send, Scan Request Timeout lets you set the timeout for the scan.

    Crawler: If you click on yes then it will start crawling the website. Our crawling mechanism performs in-depth scanning in your website. You can identify the webpages exposed on the website.

    Authentication: For authentication we have several mode which are as follows

    • Fetch session cookie from proxy.
    • Manually enter session cookie.
    • Simple form authentication.
    • Complex authentication

    CSRF Token Generation: This module is to bypass the CSRF token, if your scanning website have the CSRF provide the token key and value and click on Check & Save then click Scan. If CSRF check is not available click on Skip & Scan

  • After the scan is completed, you can generate the report and save the data externally.

Report Generation

To generate the report follow these steps :

  • Right-click over the scanned host and click Generate Report.
  • This will generate the report in the html format.
  • Save the file in your prefferred location.

Saving scan externally

There we have two option to save the scanned data extenally. To save the scan data follow these steps

  • After the completion of the scan we get notification to save the data. To save click on ok and choose the preffered location and save the data.
  • To save afterwards Right-click over the scanned host and click on the Save and choose the preffered locaiton.
  •     Basic Scan
  • Command Line