BappDescription.html

<p>
    ActiveScan++ extends active and passive scanning capabilities. Designed to add minimal network overhead, it
    identifies application behavior that may be of interest to advanced testers.
</p>

<h2>Features</h2>
<ul>
    <li>Detects potential host header attacks, including password reset poisoning, cache poisoning, and DNS rebinding
    </li>
    <li>Identifies Edge Side Includes and XML input handling vulnerabilities</li>
    <li>Discovers suspicious input transformations such as expression evaluation (7*7 &rarr; '49') and character
        escaping (\x41\x41 &rarr; 'AA')</li>
    <li>Detects blind code injection via expression language, Ruby's <code class="InlineCode">open()</code>, and Perl's
        <code class="InlineCode">open()</code></li>
    <li>Checks for specific CVEs including Shellshock (CVE-2014-6271, CVE-2014-6278), Struts vulnerabilities
        (CVE-2017-5638, CVE-2018-11776), Solr injection (CVE-2017-12629), Log4Shell (CVE-2021-44228), Rails file
        disclosure (CVE-2019-5418), and React2Shell (CVE-2025-55182, CVE-2025-66478)</li>
    <li>Identifies unicode processing issues that may bypass character blocklists</li>
    <li>Triggers passive scanner checks during active scanning to discover issues that only appear during fuzzing</li>
    <li>Provides insertion points for HTTP basic authentication testing</li>
</ul>

<h2>Usage</h2>
<ol>
    <li>Run a standard active scan on your target</li>
    <li>The extension automatically performs all configured checks during the scan</li>
    <li>Review discovered issues in the scan results</li>
</ol>

<p>
    <strong>Note:</strong> The host header checks modify the host header, which may route requests to different applications on the same
    host. Exercise caution when scanning applications in shared hosting environments.
</p>

<p><br>Copyright &copy; 2014-2025 PortSwigger Ltd.</p>