AWVS Update

InfO

• 本仓库及相关资源仅供个人测试，请勿用于非法用途
• This warehouse and related resources are for personal testing only, please do not use them for illegal purposes

Latest 23.9.231020153

New security checks

• New Security Check: CVE-2023-20198
• New Security Check: CVE-2023-22515

Improvements

• Multiple improvements to the SSL Engine
• Improvements to the detection of CVE-2023-27524
• Improvements to the detection of SQL Injection vulnerabilities when using WAFs

Use

docker run -it -d \
--name awvs \
-p 3443:3443 \
--restart=always \
xrsec/awvs
# example xrsec/awvs:{{tags}} # https://hub.docker.com/r/xrsec/awvs/tags
# xrsec/awvs:v15.1

Edit HOSTS

sudo vi /etc/hosts
192.168.0.1 awvs.lan

RootCA 「must」

Downlaod && Install RootCA.cer

Visit Web

URL: https://awvs.lan:3443/#/login
UserName: awvs@awvs.lan
PassWord: Awvs@awvs.lan

---

Previous 23.9.231013139

Fixes

• Fix for XML Export

Improvements

• Multiple improvements to the SSL Engine

XRSec has the right to modify and interpret this article. If you want to reprint or disseminate this article, you must ensure the integrity of this article, including all contents such as copyright notice. Without the permission of the author, the content of this article shall not be modified or increased or decreased arbitrarily, and it shall not be used for commercial purposes in any way