Chorizo! Scanner

"69% of all vulnerabilities happen in web applications"
Symantec Internet Security Threat Report
"21,5% of all vulnerabilities are XSS vulnerabilities"
Mitre Corporation

Be sure to secure your PHP/Web applications with Chorizo!

Chorizo! is an advanced security scanner featuring:

  • Recursive Scan
  • Scan while browsing
  • Web-based scanning
  • Reports of current and past scans

Chorizo! is able to scan for several security issues including:

  • XSS: It scans the request for several XSS vulnerabilities. The payload code it tries to insert covers:
    • a general check of whether one or more parameters of the current page are vulnerable to XSS attacks
    • specialized attacks on attribute names, including vulnerabilities that are present in Internet Explorer (IE ignoring null bytes, for example)
    • specialized attacks inside script tags
    • specialized attacks inside Cascading Style Sheets (CSS)
  • Code Execution: It tries to insert payloads to test if
    • code will be directly executed inside eval()
    • code will be executed inside a string that gets evaled
    • code will be inserted in another string before it gets evaled
  • Code inclusion: It tries to inject several payload strings that enable Chorizo! to check if blind file inclusions are possible. The test includes null-byte-terminated strings that slip through some old PHP versions.
  • PHP Versions: It checks for old PHP versions.
  • SQL injections: It tries to insert payloads to test whether it is possible to inject SQL commands into your code. It uses Morcilla, a server-side PHP extension that is able to hook into every PHP function and is therefore able to give Chorizo! concrete information if there's an error, for example in mysql_error() or PDO's query functions. Furthermore, it detects many more errors, such as in shell_exec, preg_*, fopen, mail and others.
  • Apache: It checks if your website contains open Apache index directories. Index directories are a feature of Apache that displays an HTML page with a file list of the directory's contents. Normally you wouldn't do that on a production version of your website.
  • HTTP: It checks for HTTP response splitting vulnerabilities in your PHP application/PHP installation.
  • Session injection: It tries to inject code into a Session ID. Chorizo! is able to detect XSS injection through the Session ID.
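
The Apache item above can be checked on your own site with a few lines of code. This is an added example, not Chorizo!'s code: the function name, the heuristic and both sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample bodies (not captured from a real server).
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href="db.sql.gz">db.sql.gz</a></td></tr></table></body></html>"""
SAMPLE_ARTICLE = """<html><head><title>Index of /etc explained</title></head><body>
<h1>What a directory index is</h1><p>See <a href="/docs">the docs</a>.</p></body></html>"""


class _PageParser(HTMLParser):
    """Collects the <title> text, the <h1> text and every link target."""

    def __init__(self):
        super().__init__()
        self._inside = None
        self.text = {"title": "", "h1": ""}
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag in self.text:
            self._inside = tag
        elif tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

    def handle_endtag(self, tag):
        if tag == self._inside:
            self._inside = None

    def handle_data(self, data):
        if self._inside:
            self.text[self._inside] += data


def looks_like_apache_index(body: str) -> bool:
    """Heuristic: True if the body has the shape of an Apache directory listing."""
    page = _PageParser()
    page.feed(body)
    title, h1 = page.text["title"].strip(), page.text["h1"].strip()
    # Generated listings repeat "Index of /<path>" in both the title and the heading.
    titled = title.startswith("Index of /") and title == h1
    # Fancy listings carry column-sort links such as ?C=N;O=D.
    sort_links = any(h.startswith("?C=") for h in page.hrefs)
    # Plain listings are just links to the directory's entries.
    entries = [h for h in page.hrefs if h and not h.startswith(("?", "#", "http:", "https:"))]
    return titled and (sort_links or bool(entries))
```

If a page on a production site matches, the usual fix is to turn listings off for that directory, for example with Apache's `Options -Indexes`.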

For every issue, Chorizo!'s Advisor gives you more detailed information about the problem itself, a general solution, and PHP code that shows how to solve your problem.

Feel free to contact us if you want more information about this solution.

Purchase your own copy and make your application more secure now


