Viewing Scan Results

Quickly grok and prioritize any found vulnerabilities

Results Format

Upon scan completion, the HawkScan results are returned directly in the terminal and written out to a hawkscan-results.html file in the local project directory.

The HawkScan results will present the total number of found vulnerabilities across all pages in the application, as well as the total number of unique vulnerabilities it finds throughout your app.

The scan results presented in the terminal and in the HTML report are split into two sections:

  • The results summary, reporting the total number of found vulnerabilities across all paths in the application, as well as the total number of unique vulnerabilities found.

  • The results payload, with specific details on every found vulnerability and resources to address those vulnerabilities.

In the future, results will be available via the StackHawk web app.

Results Summary

The scan results summary contains details about the scanned application, including:

  • The number of vulnerabilities found across each risk level

  • The total number of found vulnerabilities throughout the application

  • The total number of unique vulnerabilities identified by the scan

Sample Results Summary

Scan results for http://localhost:3000
High: 1 Medium: 17 Low: 9020 Total: 9038 Unique: 5

Results Payload

The scan results payload is organized as a list of every found unique vulnerability across the scan. Each reported vulnerability includes the following fields in its payload:

  • Vulnerability: The name of the vulnerability that has been identified.

  • Risk: An assessment of the risk presented by the vulnerability.

  • Confidence: The confidence that the scan has accurately identified the vulnerability.

  • References: Additional external links that can assist in addressing the identified vulnerabilities.

  • Paths: The URL paths and associated HTTP methods where vulnerabilities were found.

Reported vulnerabilities may include additional fields in their payload, including:

  • Cheatsheet: A link to an applicable OWASP Cheatsheet for this vulnerability.

More information on each payload component is included below.

Vulnerability

This field is the name of the vulnerability that has been identified. HawkScan is built on OWASP's ZAP scanner and includes both standard vulnerability definitions and additional plugin vulnerabilities.

Risk

The risk field is an assessment of the likelihood and impact, with every found vulnerability rated as High, Medium, or Low. The risk severity corresponds as follows:

  • Low - Informational and low-impact discoveries, as well as security suggestions.

  • Medium - Vulnerabilities with significant impact or ease of exploit.

  • High - Vulnerabilities with significant impact and likelihood of exploit, usually with a known corresponding CWE or CVE attached to the vulnerability.

These risk categories are loosely based on the OWASP Risk Rating Methodology.

Vulnerability results are returned ordered by risk, with High items presented first.

Confidence

This field represents the confidence level that HawkScan has accurately identified the given vulnerability. This field is also measured as one of High, Medium, or Low. The confidence level corresponds as follows:

  • Low - the results should be independently confirmed for accuracy and relevance.

  • Medium - the results are likely accurate.

  • High - the results are provided with a strong assurance of accuracy and relevance.

References

The references field includes links that can help in addressing the identified vulnerabilities. Note that these are pulled from the open source ZAP scanner.

Paths

A list of all paths in the web application at which the vulnerability was identified, each with its associated HTTP method. If more than 5 paths are identified, the full list of pages affected by the vulnerability can be viewed in the detailed HTML results.

Often, a single fix can address the same vulnerability found across multiple pages.

Cheat Sheet

The cheatsheet field is an optionally included link to an applicable OWASP Cheat Sheet reference. These are helpful resources on specific security topics that are highly relevant to the reported vulnerability.

Not every vulnerability includes this field in its payload.

Sample Results Payload

1) Cross Site Scripting (Reflected)
Risk: High
Confidence: Medium
Cheatsheet: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md
Paths (1):
POST /searchresults
2) Path Traversal
Risk: High
Confidence: Medium
Cheatsheet: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Input_Validation_Cheat_Sheet.md
Paths (1):
POST /microposts
3) Cross-Domain JavaScript Source File Inclusion
Risk: Low
Confidence: Medium
Paths (43):
GET /users
GET /users/2
GET /users/2/edit
GET /users/2/followers
GET /users/2/following
... 38 more in details
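Because the terminal output above is plain text, a short parser is enough to check the summary arithmetic (High + Medium + Low should equal Total) and to order findings for triage by risk and then confidence, flagging any path list that was cut off with "... N more in details" so the reader knows to consult the HTML report. The following is an added example, not HawkScan's or StackHawk's own code; it embeds the sample summary and payload from this page as constructed input. The `Finding` record, the `truncated` flag and the secondary ordering by confidence are conventions of this example, not part of the HawkScan output format.

```python
"""Parse HawkScan terminal results and order the findings for triage (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed input: the sample summary line and payload as shown on this page.
SAMPLE_SUMMARY = "High: 1 Medium: 17 Low: 9020 Total: 9038 Unique: 5"
SAMPLE_PAYLOAD = """\
1) Cross Site Scripting (Reflected)
Risk: High
Confidence: Medium
Cheatsheet: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md
Paths (1):
POST /searchresults
2) Path Traversal
Risk: High
Confidence: Medium
Cheatsheet: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Input_Validation_Cheat_Sheet.md
Paths (1):
POST /microposts
3) Cross-Domain JavaScript Source File Inclusion
Risk: Low
Confidence: Medium
Paths (43):
GET /users
GET /users/2
GET /users/2/edit
GET /users/2/followers
GET /users/2/following
... 38 more in details
"""

# Ordinal ranking for the three risk and confidence levels used by the report.
LEVELS = {"High": 3, "Medium": 2, "Low": 1}


def parse_summary(line: str) -> Dict[str, int]:
    """Turn 'High: 1 Medium: 17 ...' into a dict of counts."""
    return {name: int(value) for name, value in re.findall(r"(\w+): (\d+)", line)}


def summary_is_consistent(counts: Dict[str, int]) -> bool:
    """The per-risk counts should add up to the reported Total."""
    return counts["High"] + counts["Medium"] + counts["Low"] == counts["Total"]


@dataclass
class Finding:
    index: int
    name: str
    risk: str = ""
    confidence: str = ""
    cheatsheet: Optional[str] = None
    path_count: int = 0                      # the N in "Paths (N):"
    paths: List[Tuple[str, str]] = field(default_factory=list)  # (method, path) pairs printed
    truncated: bool = False                  # True when "... N more in details" was seen


def parse_payload(text: str) -> List[Finding]:
    """Parse the numbered payload entries into Finding records."""
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"(\d+)\) (.+)", line)
        if header:                            # "1) Cross Site Scripting (Reflected)"
            current = Finding(int(header.group(1)), header.group(2))
            findings.append(current)
            continue
        if current is None:                   # ignore anything before the first entry
            continue
        if line.startswith("Risk: "):
            current.risk = line[len("Risk: "):]
        elif line.startswith("Confidence: "):
            current.confidence = line[len("Confidence: "):]
        elif line.startswith("Cheatsheet: "):
            current.cheatsheet = line[len("Cheatsheet: "):]
        elif line.startswith("Paths ("):
            current.path_count = int(re.match(r"Paths \((\d+)\):", line).group(1))
        elif line.startswith("..."):          # terminal output cut the path list short
            current.truncated = True
        else:                                 # "POST /searchresults" -> ("POST", "/searchresults")
            method, _, path = line.partition(" ")
            current.paths.append((method, path))
    return findings


def triage_order(findings: List[Finding]) -> List[int]:
    """Entry numbers ordered by risk, then confidence, then original position."""
    ranked = sorted(findings, key=lambda f: (-LEVELS[f.risk], -LEVELS[f.confidence], f.index))
    return [f.index for f in ranked]


def needs_manual_confirmation(finding: Finding) -> bool:
    """Low-confidence results should be independently confirmed before acting on them."""
    return finding.confidence == "Low"


if __name__ == "__main__":
    counts = parse_summary(SAMPLE_SUMMARY)
    print("summary consistent:", summary_is_consistent(counts))
    for f in parse_payload(SAMPLE_PAYLOAD):
        note = " (see HTML report for full path list)" if f.truncated else ""
        print(f"{f.index}) {f.name} [{f.risk}/{f.confidence}] {len(f.paths)}/{f.path_count} paths{note}")
```

The `truncated` flag is the useful part when scripting around the terminal output: the third entry above lists 5 of 43 paths, so any fix-verification that walks `paths` from the terminal alone would miss 38 affected pages unless it falls back to the HTML report.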