Pentesting Tools
OS Command Injection Scanner
CISCANNER (OS Command Injection Scanner) is a specialized OS Command Injection Scanner.
Overview
CISCANNER is a specialized tool for detecting command injection vulnerabilities (CWE-78). These flaws are typically classified as critical-severity due to their potential for arbitrary code execution on the vulnerable system. CISCANNER’s robust detection methods help identify points where user input might be improperly handled, leading to potential system compromise.Usage Examples
You can specify a list of target URLs for CISCANNER to check for OS Command Injection vulnerabilities. Optionally, you may configure any settings you’d like. Afterward, simply click on Scan to launch your scan. Shortly after your scan has been launched, you will be redirected to the page to view your pending scan.
You must provide a list of target URLs to scan for vulnerabilities, not base URLs or root domains. A few examples:Correct:
https://example.com/path/to/scan?param1=xyz¶m2=xyz https://api.example.com/path/to/scan2Incorrect: https://example.com/ https://app.example.com/Capabilities
CISCANNER (OS Command Injection Scanner) is a specialized OS Command Injection scanner equipped with the following capabilities:OS Command Injection Detection
OS Command Injection Detection
CISCANNER is a specialized tool to help you detect OS Command Injection vulnerabilities, including blind OS command injections.
Integrated OAST Server
Integrated OAST Server
CISCANNER uses your private OAST Server to validate flagged vulnerabilities to provide a false-positive free experience.
Advanced Payloads With WAF Bypasses
Advanced Payloads With WAF Bypasses
Advanced Payloads with Web Application Firewall (WAF) bypasses for popular firewalls like Cloudflare, Akamai, etc.