Skip to content

zhaoyun95/ava

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

ava

ava

 
 

samples

samples

 
 

tests

tests

 
 

.coveragerc

.coveragerc

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

AVA - Another Vulnerability Auditor

AVA is a web scanner designed for use within automated systems. It accepts endpoints via HAR-formatted files and scans each request with a set of checks and auditors. The checks determine the vulnerabilities to check, such as Cross-Site Scripting or Open Redirect. The auditors determine the HTTP elements to audit, such as parameters or cookies.

Installation

Installing AVA:

pip3 install git+ssh://git@github.com/indeedsecurity/ava.git

Scans

Scanning with default auditors and checks:

ava vectors.har

Scanning with specific auditors and checks:

ava -a parameter -e xss vectors.har

Configuration

Configurations are specified via YAML files:

auditors
  - parameter
  - cookie
actives
  - xss
  - open_redirect
domain: ".example.com"
excludes:
  - /logout
agent: "Mozilla/5.0"
report: "report.json"

Help

Displaying the help message:

ava -h

Displaying the list of auditors and checks:

ava -l

Tests

Running tests:

pytest --cov-report=term-missing --cov=ava tests/

License

AVA is licensed under the Apache License, Version 2.0.

About

Another Vulnerability Auditor

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%