Emerging Trends In Computer And Information Technology

STUDY OF IRONWASP
TOOL
(Emerging Trends in Computer and Information Technology)

SANJIVANI KBP POLYTECHNIC, KOPARGAON

DEPARTMENT OF COMPUTER TECHNOLOGY
2020-2021
 Emerging Trends In Computer And Information Technology

SANJIVANI KBP POLYTECHNIC, KOPARGAON

(2020-2021)

DEPARTMENT OF COMPUTER TECHNOLOGY

Emerging Trends In Computer And Information Technology

(22618)
A MICRO-PROJECT REPORT ON

“Study Of IronWASP tool”

For the partial fulfillment od diploma in computer Technology, MSBTE,
Mumbai.

Under guidance of:

A.R.Mirikar

Submitted by:
Mundada Samrudhi Sanjay(56)
 Emerging Trends In Computer And Information Technology

Study Of IronWASP tool

Sanjivani K.B.P. Polytechnic, Kopargaon.

CERTIFICATE

Micro project on

Study Of IronWASP tool

SUBMITTED BY

.
Name: Mundada Samrudhi Sanjay

Approved for Diploma in Computer Technology

Under guidance of

A.R.Mirikar

(Subject teacher) (Head of Department)

Mr. A.R.Mirikar Mr.G.N.Jorvekar

Place:Kopargoan
Date: / /
 Emerging Trends In Computer And Information Technology

Index

SRES’s Maharashtra State Board Of

Technical Education
S. K. B. P. Polytechnic, Evaluation Sheet for Micro-Project
Kopargoan
Academic Year: 2020-21
Name Of Faculty: Computer Technology (CM5I)
Course: Emerging Trends In Computer And
Information Technology (22618)

Semester: 6th Sem

PROJECT TITLE : “ Study Of IronWASP tool”

Roll No. Name of Student Marks out of Marks out of 4 Total Out Remarks
6 for for performance Of 10
performance in Oral /
in Group Presentation
Activity
56 SAMRUDHI S
MUNDADA
 Emerging Trends In Computer And Information Technology

Acknowledgement
I would like to acknowledge all the people who have motivated and helped me
throughout my dissertation. Firstly,I would like to thank my subject teacher as well as
project guide MR. A.R.MIRIKAR sir who told me and provided the information
throughout my project work. His idea always motivated me every time. He always
solved my problem and always encouraged me . I am grateful for H.O.D Mr. G. N.
Jorvekar sir and our beloved principal Prof. A. R. Mirikar sir for their consistent
guidance , without their blessings this would not have been impossible.I thank all my
friends and non-teaching staff for their valuable time and help for the completion of
my project. Once again, I am grateful to all of them without whom my project will
not been successful.
 Introduction

 Security scanners have always played an important role during

penetration testing. It helps save a lot of resources as automated
testing plays a big role in these scanners. In a single scan, security
scanners help us check for a number of vulnerabilities that may be
affecting our application. Considering not all vulnerability scanners
are open source, a great deal of them are available such as:

 IronWASP
 OpenVAS
 Retina CS Community
 W3af
 Grabber, etc.
 In this article, we shall be discussing more about IronWASP
 Information
 Find security issues on your website automatically using IronWASP, one of the world's
best web security scanners.

 Here are some reasons why IronWASP is great:

 It's Free and Open source

 GUI based and very easy to use, no security expertise required
 Powerful and effective scanning engine
 Supports recording Login sequence
 Reporting in both HTML and RTF formats - Click here to view the sample report
 Checks for over 25 different kinds of well known web vulnerabilities
 False Positives detection support
 False Negatives detection suppport
 Industry leading built-in scripting engine that supports Python and Ruby
 Extensibile via plug-ins or modules in Python, Ruby, C# or VB.NET
 Comes bundled with a growing number of Modules built by researchers in the security
community.
o WiHawk - WiFi Router Vulnerability Scanner by Anamika Singh
o XmlChor - Automatic XPATH Injection Exploitation Tool by Harshal Jamdade
o IronSAP - SAP Security Scanner by Prasanna K
o SSL Security Checker - Scanner to discover vulnerabilities in SSL installations
by Manish Saindane
o OWASP Skanda - Automatic SSRF Exploitation Tool by Jayesh Singh Chauhan
o CSRF PoC Generator - Tool for automatically generating exploits for CSRF
vulnerabilities by Jayesh Singh Chauhan
o HAWAS - Tool for automatically detecting and decoding encoded strings and
hashes in websites by Lavakumar Kuppan
 You can download IronWASP here:  ironwasp.zip
 Emerging Trends in computer and information technology (22618)

IronWASP(Web Application
Advanced Security Testing Platform
Tools)

 IronWASP (Iron Web application Advanced Security testing Platform) is an open

source system for web application vulnerability testing.
 It is designed to be customizable to the extent where users can create their own
custom security scanners using it.
 Though an advanced user with Python/Ruby scripting expertise would be able to make
full use of the platform, a lot of the tool's features are simple enough to be used by
absolute beginners.
 IronWASP has a plugin system that supports Python and Ruby.
 The version of Python and Ruby used in IronWASP is IronPython and IronRuby which is
syntactically similar to CPython and CRuby.
 However some of the standard libraries might not be available, instead plugin authors
can make use of the powerful IronWASP API.
 Emerging Trends in computer and information technology (22618)

Features of IronWASP TOOL

 It is an open-source tool, which is used to identify the vulnerability of the web
application. It stands for the Iron Web Application Advanced Security Testing Platform.
With the help of this tool, a user can make their custom security scanners.
 It was developed by using Python and Ruby programming languages.

 Features of IronWASP

o It will support the recording login sequence.

o It will produce the reports for both RTF and HTML formats.
o It is a GUI based tool.
o It will support false Positives and negatives detection.
 Emerging Trends in computer and information technology (22618)

Conclusion
IronWASP is not a tool recommended for beginners. Although there are features
that can be understood by them, it is UI, and unclear context makes it difficult to
start right off the bat. Although there are numerous features available, the
learning curve can be drastic for many.
Emerging Trends in computer and information technology (22618)

Reference
www.resources.infosecinstitute.com
www.eassaytoolbox
www.sciencedirect.com