Active vulnerability scanning modules in ABSpider Recon are designed to identify high-impact security flaws by actively injecting payloads and analyzing server responses. These modules target SQL Injection (SQLi), Cross-Site Scripting (XSS), and Local File Inclusion (LFI) using a combination of heuristic analysis, signature matching, and differential timing checks.
The active scanners share a common execution pattern:
- normalizeUrl (src/services/apiUtils.ts:1)
- file, page, include, path) (src/services/lfiScanService.ts:146-153)

The following diagram illustrates how the scanning services interact with the RequestManager and payload datasets.
Active Scanning Service Architecture
Sources: src/services/sqlScanService.ts:1-4, src/services/xssScanService.ts:1-4, src/services/lfiScanService.ts:1-4, src/services/requestManager.ts:1-10
The sqlScanService employs three distinct methodologies to detect SQL injection vulnerabilities.
- SQL_ERROR_PATTERNS, a collection of regexes for MySQL, PostgreSQL, MSSQL, Oracle, and SQLite (src/services/sqlScanService.ts:23-72)
- AND 1=1--) vs "False" (e.g., AND 1=0--) conditions against the baseline. A vulnerability is flagged if the "True" response matches the baseline while the "False" response differs (src/services/sqlScanService.ts:133-165)
- SLEEP(5)). If the duration exceeds the expected delay minus a 500ms jitter margin, it is flagged as vulnerable (src/services/sqlScanService.ts:99-115)

Payloads are sourced from sqli.json (src/payloads/sqli.json:1-84). Confidence scores are assigned based on the detection method; for example, time-based hits often receive a confidence of 1.0 (src/payloads/sqli.json:22-25). The service supports severity levels up to catastrophic for high-impact payloads like stacked queries (src/services/sqlScanService.ts:74-81, src/payloads/sqli.json:26-27).
Sources: src/services/sqlScanService.ts:6-21, src/services/sqlScanService.ts:133-141, src/payloads/sqli.json:1-84
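The three decision rules described above, written out as an added TypeScript example that only classifies responses; it is not ABSpider Recon's code. The Probe type, the 5% length tolerance in similar(), the pattern subset and the two baseline guards are assumptions; the 500 ms margin comes from the text above.

```typescript
interface Probe { status: number; body: string; durationMs: number }

// Constructed subset of well-known DBMS error strings (not the project's SQL_ERROR_PATTERNS).
const ERROR_PATTERNS: RegExp[] = [
  /You have an error in your SQL syntax/i,               // MySQL
  /unterminated quoted string/i,                         // PostgreSQL
  /Unclosed quotation mark after the character string/i, // MSSQL
  /ORA-\d{5}/,                                           // Oracle
  /near ".*": syntax error/i,                            // SQLite
];
const JITTER_MS = 500; // jitter margin stated on the page

// Assumed similarity rule: same status code and body length within 5%.
function similar(a: Probe, b: Probe, tolerance = 0.05): boolean {
  if (a.status !== b.status) return false;
  const longest = Math.max(a.body.length, b.body.length, 1);
  return Math.abs(a.body.length - b.body.length) / longest <= tolerance;
}

// Error-based: a DBMS error appears that the baseline did not already show
// (the baseline comparison is an added guard, not described on the page).
function errorBased(baseline: Probe, injected: Probe): boolean {
  return ERROR_PATTERNS.some(p => p.test(injected.body) && !p.test(baseline.body));
}

// Boolean-based: "True" response matches the baseline while "False" differs.
function booleanBlind(baseline: Probe, whenTrue: Probe, whenFalse: Probe): boolean {
  return similar(baseline, whenTrue) && !similar(baseline, whenFalse);
}

// Time-based: duration exceeds the expected delay minus the jitter margin.
// Added guard: a baseline that is already that slow is not evidence.
function timeBased(baseline: Probe, delayed: Probe, expectedDelayMs: number): boolean {
  const threshold = expectedDelayMs - JITTER_MS;
  return delayed.durationMs > threshold && baseline.durationMs <= threshold;
}

// Constructed sample responses (not captured from a real target).
const BASE: Probe = { status: 200, body: "<li>item</li>".repeat(40), durationMs: 120 };
function demo(): boolean[] {
  const err: Probe = { ...BASE, body: "You have an error in your SQL syntax near ''1'''" };
  const empty: Probe = { ...BASE, body: "<p>No results</p>" };
  const slow: Probe = { ...BASE, durationMs: 5080 };
  return [errorBased(BASE, err), booleanBlind(BASE, BASE, empty), timeBased(BASE, slow, 5000)];
}
console.log(demo()); // one flag per rule: error, boolean-blind, time
```

A single slow response on a congested link can still cross the threshold, so time-based hits are worth re-measuring before they are reported.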
The xssScanService focuses on reflected XSS by detecting if injected payloads are returned in dangerous HTML contexts.
The service defines XSS_DANGEROUS_CONTEXTS, which includes regex patterns for (src/services/xssScanService.ts:33-59):
- <script> tag contexts.
- onload, onclick).
- href or src attributes using javascript: or data: schemes.
- innerHTML or document.write.

The checkReflection function determines exploitability (src/services/xssScanService.ts:78-85):
Sources: src/services/xssScanService.ts:33-59, src/services/xssScanService.ts:78-160, src/payloads/xss.json:1-62
The lfiScanService identifies directory traversal and file inclusion vulnerabilities by matching response content against known sensitive file signatures.
The function checkLFISignature analyzes responses for specific patterns (src/services/lfiScanService.ts:71-124):
- root:x:0:0: or /bin/bash detections with 0.99 confidence (src/services/lfiScanService.ts:75-81)
- [fonts] or [extensions] within .ini structures (src/services/lfiScanService.ts:103-109)
- php://filter base64 encoded content (src/services/lfiScanService.ts:93-100)
- LFI_ERROR_PATTERNS like "failed to open stream" (src/services/lfiScanService.ts:43-53, src/services/lfiScanService.ts:112-121)

The service iterates through parameters and applies payloads from lfi.json, which includes bypass techniques like ....// filters and various PHP wrappers (src/payloads/lfi.json:1-65).
Sources: src/services/lfiScanService.ts:22-59, src/services/lfiScanService.ts:71-124, src/payloads/lfi.json:1-65
The results from the active scanning services are consumed by specialized React components that provide mitigation advice and evidence snippets.
| Service | UI Component | Primary Features |
|---|---|---|
| sqlScanService | SQLVulnerabilities | Displays testing method (Error, Blind, Time), payload, and indicator (src/components/SQLVulnerabilities.tsx:72-79) |
| xssScanService | XSSVulnerabilities | Shows reflection location, evidence snippet, and context-aware severity (src/components/XSSVulnerabilities.tsx:105-126) |
| lfiScanService | LFIVulnerabilities | Lists parameter-specific hits, confidence percentages, and file content previews (src/components/LFIVulnerabilities.tsx:114-138) |
This diagram bridges the gap between the scanning logic and the UI presentation.
Vulnerability Data Flow
Sources: src/components/SQLVulnerabilities.tsx:9-26, src/components/XSSVulnerabilities.tsx:7-22, src/components/LFIVulnerabilities.tsx:9-30
Each component uses a ModuleCardWrapper to handle error states and "No Data" messages (src/components/LFIVulnerabilities.tsx:47-55). Evidence is typically rendered in a monospaced font within a bg-muted block to preserve formatting of injected payloads or server errors (src/components/SQLVulnerabilities.tsx:125-128, src/components/XSSVulnerabilities.tsx:110-112, src/components/LFIVulnerabilities.tsx:137-139).
Sources: src/components/SQLVulnerabilities.tsx:125-128, src/components/XSSVulnerabilities.tsx:110-112, src/components/LFIVulnerabilities.tsx:137-139