The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception.
The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and deception techniques. It features a built-in crawler to discover additional URLs for testing. The tool is designed to adapt to specific web caches for enhanced testing efficiency, is customizable, and integrates into existing CI/CD pipelines.
Features
- Analyzing a web cache before testing and adapting to it for more efficient testing
- Generating a report in JSON format
- Crawling websites for further URLs to scan
- Routing traffic through a proxy
- Limiting requests per second to bypass rate limiting
Web Cache Vulnerability Scanner supports nine advanced web cache poisoning techniques, including:
- Unkeyed header poisoning
- Unkeyed parameter poisoning
- Parameter cloaking
- Fat GET
- HTTP response splitting
- HTTP request smuggling
- HTTP header oversize (HHO)
- HTTP meta character (HMC)
- HTTP method override (HMO)
Web Cache Vulnerability Scanner is available for free on GitHub.
Must read: