Wubi

Diviner: An Active Information Gathering Platform!


Diviner comes to us from Shay Chen, the author of the recently released Security Tools benchmark. It helps you gain insight into the server-side source code and memory structure of any application, using black box techniques and without relying on any security exposures! It tries to introduce a crossbreed between automated testing and human deduction, and to provide an alternate (or complementary) route via techniques such as source code fingerprinting, memory structure divination and cross entry-point effects.


Diviner is an open source, active information gathering platform, built as an extension for OWASP Zed Attack Proxy (ZAP) and aimed at enhancing the tester’s decision making process. It is a unique platform that attempts to predict the structure of the server-side memory, source code and processes. It does so by executing scenarios aimed to fingerprint behaviors that derive from specific lines of code, processes or memory allocations, by employing a variety of coverage processes, content differentiation tests and entry point execution scenarios, and by using deduction algorithms that convert this information into a visual map of the application. This information is also presented in the form of leads that can help testers locate complex vulnerabilities the same way they locate vulnerabilities that are considered low hanging fruit.

Features offered by Diviner:

Analysis Features:

  • Detect Input Reflections (Potential XSS, CRLF Injection, Etc)
  • Detect Error-Generating Scenarios (Potential Injections)
  • Detect Content Differentiation Effects (Direct & Indirect Effect of Input)

Coverage Features:

  • Reuse the Content in ZAP’s History
  • Domain Restrictions
  • URL Exclusion

Deduction Processes:

  • Convert Behaviors into Pseudo-code Representation of Server-Side Code
  • Predict the Structure of the Server Side Memory (Session / DB / Etc)
  • Isolate and Present a Map of the Server-Side Processes
  • Specific Payload Recommendations

Barrier Support:

  • Authentication Support
  • Anti-CSRF Token Support
  • Resend Updated Values of Required Parameters (VIEWSTATE, Etc)
  • Replay Relevant History Prior To Resending Requests

Built-in Plugins:

  • A Customized Manual Penetration Test Payload Manager

Integration Features:

  • Integration With ZAP’s ‘Resend Request’ Feature

Diviner can already illustrate server side behaviors and processes, contains features such as the task list/advisor, which provide invaluable leads to potential exposures, and can present a partial map of the server side memory and a partial representation of the server side code. Since Diviner attempts to identify behaviors that result from valid & invalid scenarios, and can’t guess what is valid on its own, it must be used after a short manual crawling process that covers the important application sections with valid values. Clearly, the ZAP extension does not perform any form of automated vulnerability scanning, but plans to export the interesting leads to a format that external scanners can use to detect exposures in these abnormal scenarios are in the works.

The Diviner extension is deployed using a Windows installer (or in binary format for other operating systems), and requires Java 1.7.x and OWASP ZAP 1.4.0.1 in order to run properly.

Download Diviner:

Diviner v1.0.1: Diviner-v1.0.1beta.exe / diviner-1.0.1beta-src.zip

Source: PenTestIT — Your source for Information Security Related information!
