How to find website Vulnerability ( CVEs)

Introduction

This tutorial will guide you through the process of identifying website vulnerabilities, specifically focusing on Common Vulnerabilities and Exposures (CVEs). Understanding and finding these vulnerabilities is crucial for web security professionals, developers, and ethical hackers. This guide will utilize tools and methods discussed in the HackTech 2.0 video to help you effectively locate potential security weaknesses in websites.

Step 1: Setting Up Your Environment

Before you start scanning for vulnerabilities, ensure you have the right environment and tools.

• Install Python: Most vulnerability scanners require Python. Download and install it from the official Python website.
• Get the Swit Scanner: Clone the repository from GitHub to access the scanning tool.

  git clone https://github.com/RedSecurity/swit-scanner.git
  

• Install Dependencies: Navigate to the cloned directory and install necessary dependencies using pip.

  cd swit-scanner
  pip install -r requirements.txt
  

Step 2: Understanding Vulnerability Types

Familiarize yourself with different types of vulnerabilities that the scanner can detect:

• XSS (Cross-Site Scripting): Allows attackers to inject scripts into web pages viewed by others.
• LFI (Local File Inclusion): Permits an attacker to include files on a server through the web browser.
• SQLi (SQL Injection): Involves inserting malicious SQL queries to manipulate databases.

Understanding these vulnerabilities will help you better interpret the scan results.

Step 3: Running the Swit Scanner

Now that your environment is set up, you can run the scanner to find vulnerabilities.

• Open your terminal.
• Execute the scanner with the target URL.

  python swit.py -u <target-url>
  

• Replace <target-url> with the actual URL of the website you want to scan.

Step 4: Analyzing Scan Results

After running the scanner, it will output a report of any vulnerabilities found.

• Review the report carefully.
• Take note of:
  • Type of vulnerability
  • Severity level
  • Suggested remediation steps

Step 5: Mitigation Strategies

Once vulnerabilities are identified, it is essential to address them:

• For XSS:

  • Implement proper input validation and sanitization.
  • Use Content Security Policy (CSP) headers to mitigate risks.

• For LFI:

  • Disable file inclusion features if not necessary.
  • Validate and sanitize user input.

• For SQLi:

  • Use prepared statements and parameterized queries.
  • Regularly update your database management system.

Conclusion

In this tutorial, you learned how to set up your environment, run a vulnerability scanner, and analyze the results to identify and mitigate common web vulnerabilities. Regularly scanning your web applications for CVEs is a best practice in cybersecurity. For further learning, consider diving deeper into each vulnerability type and exploring more advanced scanning tools and techniques.