ZeroDayScan is an online web application scanner that crawls an application and looks for vulnerabilities in it. It covers common web vulnerabilities such as XSS and SQL injection, and also performs web app fingerprinting.
According to their FAQ, it takes around half an hour to scan normal-sized websites, but as soon as I initiated the scan for my website, I got a notification mail saying that it takes around 72 hours to complete the scan. In the end I got the results emailed in about 5 hours.
Start the Scan
- Create a text file named ‘zerodayscan.txt’ containing the unique random key generated on the zerodayscan.com site.
- Submit the site URL and the email ID to which the scan results are to be mailed.
- Start the scan. (Scan results will be emailed once it's complete.)
The scan output is a PDF document, emailed to the user, which contains the following information:
- Summary of the Scan (check the above pic)
- Details of the Critical, High, Medium and Low Vulnerabilities
- Whois information of the website.
Sample Summary Table in the Report
The results give an approximate idea of the target's vulnerabilities, though the service obviously does not have as many capabilities as a commercial web app scanner.
- No installation is required. It is an online service
- Detects Cross Site Scripting attacks (XSS)
- Detects Hidden Directories and Backup Files
- Looks for Known Security Vulnerabilities
- Searches for SQL Injection Vulnerabilities
- Automatically detects zero day bugs
- Performs Website Fingerprinting
- Generates free reports