Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning

The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception.

The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and deception techniques. It features a built-in crawler to discover additional URLs for testing. The tool is designed to adapt to specific web caches for enhanced testing efficiency, is customizable, and integrates into existing CI/CD pipelines.

Features

  • Analyzing a web cache before testing and adapting to it for more efficient testing
  • Generating a report in JSON format
  • Crawling websites for further URLs to scan
  • Routing traffic through a proxy
  • Limiting requests per second to bypass rate limiting

Web Cache Vulnerability Scanner supports nine advanced web cache poisoning techniques:

  • Unkeyed header poisoning
  • Unkeyed parameter poisoning
  • Parameter cloaking
  • Fat GET
  • HTTP response splitting
  • HTTP request smuggling
  • HTTP header oversize (HHO)
  • HTTP meta character (HMC)
  • HTTP method override (HMO)

Web Cache Vulnerability Scanner is available for free on GitHub.
