EN/RU
Personal account
Main > Projects
ISA Web Technologies uses only our own software. Only ISAWT users can use the services and software by ISAWT.
    Multi-Threaded Modular Security Scanner
Security-Scan consists of several modules united in one system, where each module performs strictly defined tasks. The scanner absorbed the knowledge base about the most effective query sequences from popular to very exotic ones. Security-Scan automates the process of detecting and exploiting SQL injections, emulating the attacker's actions to enter the system, which allows you to know about potential security vulnerabilities before they can be used by cybercriminals. Supports the following databases: MySQL, MSSQL, MSAcceess, Oracle, DB2, PostgreSQL.
Module 1 Collector.
Explores the structure of a web resource (website, application), and creates a catalog of all detected links and files.




Vulnerabilities detected by Security-Scan:
  • SQL Queries from a browser to obtain unauthorized access to data;
  • File inclusion;
  • Cross frame scripting;
  • Arbitrary code execution;
  • Confidential directories traversal;
  • Public Backup Copies;
  • XSS;
  • Buffer Overflow;
  • Brute-Force attack;
  • User Session Interception, etc
Module 3 Analyzer.
The vulnerability report is processed by the Analyzer. The Analyzer generates a Scan Protocol, which contains the following information:
  • Structured data on the vulnerabilities found;
  • Assessment of their criticality;
  • Their elimination time assessment;
  • Recommendations for their elimination;
  • Analysis of trends in the security issues.

The Scan Protocol can be saved in * txt, * doc, * docx formats.




Module 2 Emulator.
Conducts tests with all available pages of a web resource by unique algorithmic query chains, emulating hacker attacks in a variety of possible combinations including as follows:
  • Technique of character-by-character extraction data;
  • Shell uploads through sql-injection or using access to shells to manage the database, and so on.
Module 1 Collector.
Explores the structure of a web resource (website, application), and creates a catalog of all detected links and files.
Module 2 Emulator.
Conducts tests with all available pages of a web resource by unique algorithmic query chains, emulating hacker attacks in a variety of possible combinations including as follows:
  • Technique of character-by-character extraction data;
  • Shell uploads through sql-injection or using access to shells to manage the database, and so on.
Module 3 Analyzer.
The vulnerability report is processed by the Analyzer. The Analyzer generates a Scan Protocol, which contains the following information:
  • Structured data on the vulnerabilities found;
  • Assessment of their criticality;
  • Their elimination time assessment;
  • Recommendations for their elimination;
  • Analysis of trends in the security issues.

The Scan Protocol can be saved in * txt, * doc, * docx formats.
Vulnerabilities detected by Security-Scan:
  • SQL Queries from a browser to obtain unauthorized access to data;
  • File inclusion;
  • Cross frame scripting;
  • Arbitrary code execution;
  • Confidential directories traversal;
  • Public Backup Copies;
  • XSS;
  • Buffer Overflow;
  • Brute-Force attack;
  • User Session Interception, etc
The Security-Scan security scanner is coded in PHP with the ability to use in multi-threaded mode, i.e. it can simultaneously execute many queries and various tests. This significantly reduces the time of its operation with web resources, and is advantageously different from the analogues. All actions and results of the Security -Scan are logged permanently. The scanner can be used to diagnose a database. Continuous addition of new vulnerabilities and checks is supported. At the end of the Emulator Module, all information about the detected vulnerabilities is recorded in the report.
ATTENTION!
A significant part of the scanner's functionality was developed jointly with information security specialists from the ANTICHAT forum. Link to the topic discussing the part ('sql-injector') of the scanner functionality from ANTICHAT forum: Discussion
Visual interface of Security-Scan:

01.Settings->Basic

1 / 37
2 / 37
3 / 37
4 / 37
5 / 37
6 / 37
7 / 37
8 / 37
9 / 37
10 / 37
11 / 37
12 / 37
13 / 37
14 / 37
15 / 37
16 / 37
17 / 37
18 / 37
19 / 37
20 / 37
21 / 37
22 / 37
23 / 37
24 / 37
25 / 37
26 / 37
27 / 37
28 / 37
29 / 37
30 / 37
31 / 37
32 / 37
33 / 37
34 / 37
35 / 37
36 / 37
37 / 37
❮ ❯

01.Settings->Basic

01.Settings -> Basic 01.Settings -> Basic
02.Settings -> Managers 02.Settings -> Managers
03.Settings -> Import_Export 03.Settings -> Import_Export
04.Settings -> Functions 04.Settings -> Functions
05.Settings -> Auxiliary utilities 05.Settings -> Auxiliary utilities
06.Statistics -> Mode 1(Domains checker) 06.Statistics -> Mode 1(Domains checker)
07.Statistics -> Modes 2 and 3(Brutforce) 07.Statistics -> Modes 2 and 3(Brutforce)
08.Statistics -> Mode 4(Shells loader on Joomla) 08.Statistics -> Mode 4(Shells loader on Joomla)
09.Statistics -> Mode 5(Shells loader through vulnerabilities) 09.Statistics -> Mode 5(Shells loader through vulnerabilities)
10.Statistics -> Mode 6(SQL-injector) -> chains 0 и 1 10.Statistics -> Mode 6(SQL-injector) -> chains 0 и 1
11.Statistics -> Mode 6(SQL-injector) -> chain 1(character-by-character enumeration) 11.Statistics -> Mode 6(SQL-injector) -> chain 1(character-by-character enumeration)
12.Statistics -> Mode 6(SQL-injector) -> chain 8(phpmyadmin detection) 12.Statistics -> Mode 6(SQL-injector) -> chain 8(phpmyadmin detection)
13.Statistics -> Mode 6(SQL-injector) -> chain 10(path disclosure) 13.Statistics -> Mode 6(SQL-injector) -> chain 10(path disclosure)
14.Statistics -> Mode 6(SQL-injector) -> chain 12(shells loader) 14.Statistics -> Mode 6(SQL-injector) -> chain 12(shells loader)
15.Statistics -> Mode 6(SQL-injector) -> chain 13 15.Statistics -> Mode 6(SQL-injector) -> chain 13
16.Statistics -> Mode 6(SQL-injector) -> chain 14 16.Statistics -> Mode 6(SQL-injector) -> chain 14
17.Statistics -> Mode 6(SQL-injector) -> chain 15 17.Statistics -> Mode 6(SQL-injector) -> chain 15
18.Statistics -> Mode 6(SQL-injector) -> mixed 18.Statistics -> Mode 6(SQL-injector) -> mixed
19.Statistics -> Mode 6(SQL-injector) -> recommendations 19.Statistics -> Mode 6(SQL-injector) -> recommendations
20.SQL-injector -> chains activation panel 20.SQL-injector -> chains activation panel
21.SQL-injector -> general settings 21.SQL-injector -> general settings
22.SQL-injector -> vulnerable modules 22.SQL-injector -> vulnerable modules
23.SQL-injector -> chain 1(character-by-character enumeration) 23.SQL-injector -> chain 1(character-by-character enumeration)
24.SQL-injector -> chain 8(phpmyadmin detection) 24.SQL-injector -> chain 8(phpmyadmin detection)
25.SQL-injector -> chain 10(path disclosure) -> method 1(blind http-check) 25.SQL-injector -> chain 10(path disclosure) -> method 1(blind http-check)
26.SQL-injector -> chain 10(path disclosure) -> method 2(blind sql-scan) 26.SQL-injector -> chain 10(path disclosure) -> method 2(blind sql-scan)
27.SQL-injector -> chain 10(path disclosure) -> method 3(calling error in php function session_start) 27.SQL-injector -> chain 10(path disclosure) -> method 3(calling error in php function session_start)
28.SQL-injector -> chain 10(path disclosure) -> method 4(substitution of square brackets in get/post parameter names) 28.SQL-injector -> chain 10(path disclosure) -> method 4(substitution of square brackets in get/post parameter names)
29.SQL-injector -> chain 12(shell loading) -> basic settings 29.SQL-injector -> chain 12(shell loading) -> basic settings
30.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in sql-injection (using disclosed path) 30.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in sql-injection (using disclosed path)
31.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in sql-injection (blind method) 31.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in sql-injection (blind method)
32.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in phpmyadmin (using disclosed path) 32.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in phpmyadmin (using disclosed path)
33.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in phpmyadmin (blind method) 33.SQL-injector -> chain 12(shell loading) -> base shell loading -> via into outfile in phpmyadmin (blind method)
34.SQL-injector -> chain 12(shell loading) -> main shell loading -> active GET method 34.SQL-injector -> chain 12(shell loading) -> main shell loading -> active GET method
35.SQL-injector -> chain 12(shell loading) -> main shell loading -> passive POST method 35.SQL-injector -> chain 12(shell loading) -> main shell loading -> passive POST method
36.SQL-injector -> chain 12(shell loading) -> main shell loading -> active CURL method 36.SQL-injector -> chain 12(shell loading) -> main shell loading -> active CURL method
37.SQL-injector -> chain 12(shell loading) -> main shell loading -> EASY method 37.SQL-injector -> chain 12(shell loading) -> main shell loading -> EASY method
ATTENTION!
In the Security-Scan modules, mechanisms that automatically emulate cybercriminals' actions in detecting and exploiting SQL injections are widely used. Therefore, in order to avoid using the scanner for criminal purposes, ISAWT does not sell it.
    Code Change Interceptor
Interceptor is effective software for tracking changes in a code of a web resource up to one symbol.
The software periodically compares the source code of the web resource created during the first run of the software with the current code (the periodicity adjustment is automatically maintained from 15 minutes to 3 days or at any time by the user's command) The source snapshot can be changed by the web resource administrator if upgrade or update is necessary.
Interceptor Functions:
  • Source Snapshot Setting Up (in user interface or in personal account);
  • Check Period Configuration (in personal account);
  • Report Configuration (in personal account);
  • SMS or Email Notifications (in personal account);
  • Report saving in *txt, *doc, *docx formats (in personal account);
  • Web Resource Blocking and Unblocking (in user interface or in personal account).
Interceptor Functions:
  • Source Snapshot Setting Up (in user interface or in personal account);
  • Check Period Configuration (in personal account);
  • Report Configuration (in personal account);
  • SMS or Email Notifications (in personal account);
  • Report saving in *txt, *doc, *docx formats (in personal account);
  • Web Resource Blocking and Unblocking (in user interface or in personal account).
Interceptor can be operated both in automatic mode (Check Period Configuration is supported) and manual start. In case of discrepancies between the current resource code and the source snapshot, the resource manager is notified of an attack indicating the attacked code section. The administrator can manually or automatically block the web resource when the attack is detected. Unblocking the web resource is possible by entering an activation code, which is available in personal account on the web site.
Services

Statistics

Projects

Partnership

About us 		Contacts

Privacy policy

Terms of Use

 info@isaweb.tech


Send
The following characters are
not allowed in the message text : / \ ' "

ISA WEB TECHNOLOGIES © 2025
This site uses cookies and services for collecting technical data of visitors (data about IP-address, location, etc.) to ensure performance and improve the quality of service. By continuing to use our site, you automatically agree to the use of these technologies.
Ок Privacy policy