
Advanced IronWASP

March 29, 2017 by Chiragh Dewan

In Part 1, we saw what IronWASP is capable of and how it handles a single-page scan. In Part 2, we shall see how it handles a complex web application on localhost that requires a Login Sequence, and how we can use WiHawk, an external module it is bundled with, to scan a router for vulnerabilities.

Scanning a complex application on Localhost

For a further test, we will be using Damn Vulnerable Web Application (DVWA). It is an open source application on which we can practice various security tests at various levels. It can be downloaded from https://github.com/ethicalhack3r/DVWA. Installation and setup instructions are included with it.


Since it requires the user to Login, we will be recording the Login.


Once that is opened, it will ask us to enter the username and password. Since we are doing a basic scan, we will leave the CSRF token for now:


Once entered, we will be taken to the Record page:


Now for us to do that, we will go back to IronWASP again and open the Browser Based Crawler which can be found under Tools:


Once opened, we will open the 'Manual Crawler' (marked in blue):


This will open a blank page in Google Chrome along with a CMD window (do not close this). Now we will go back to the Recording Page and start recording:


IronWASP will now wait for us to enter the login credentials we had entered in the previous step. Once we enter the credentials, IronWASP will automatically move to the 'TEST' page, on which it will wait for 5 seconds for the page to load completely, and then move on to the 'SAVE' page, where we can save the Login Sequence for future use.
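The walkthrough above skips the CSRF token, so here is an added example (not IronWASP's code and not from the original article) of what replaying a login involves when the form carries one: read the fresh hidden token from the page, rebuild the POST body, and check afterwards that the session is still logged in. The sample HTML, the field names (`user_token`, `Login`), the credentials and the `Logout` marker are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample login page; field names are assumptions, not captured output.
LOGIN_PAGE = """
<form action="login.php" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="user_token" value="3f1c9a7e5b2d4c68">
  <input type="submit" name="Login" value="Login">
</form>
"""

class FormFields(HTMLParser):
    """Collect the form action and every named <input> with its type and value."""
    def __init__(self):
        super().__init__()
        self.action, self.fields, self.types = None, {}, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""
            self.types[a["name"]] = (a.get("type") or "text").lower()

def parse_form(page_html):
    form = FormFields()
    form.feed(page_html)
    return form

def build_login_request(page_html, username, password):
    """Return (action, urlencoded body) using the token from this page load."""
    form = parse_form(page_html)
    body = dict(form.fields)  # keeps the hidden token and the submit button
    body["username"], body["password"] = username, password
    return form.action, urlencode(body)

def hidden_tokens(page_html):
    """Hidden inputs: values that go stale if a recording replays them verbatim."""
    form = parse_form(page_html)
    return [name for name, kind in form.types.items() if kind == "hidden"]

def still_logged_in(response_html, marker="Logout"):
    """Session check: the logged-in marker is present and no login form is shown."""
    return marker in response_html and 'name="password"' not in response_html

if __name__ == "__main__":
    print(build_login_request(LOGIN_PAGE, "testuser", "s3cret"))
    print(hidden_tokens(LOGIN_PAGE), still_logged_in(LOGIN_PAGE))
```

If `hidden_tokens` returns anything for the application's login page, a basic username-and-password recording is unlikely to keep the scan authenticated.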



Now that we have the Login Sequence saved, we can start scanning. To do that, we go back and check the Sitemap. Once we find the main project that we want to run an Automated Scan on, we select it first, and then select 'Scan Branch':


We will be presented with the same scanning options that we had discussed in our previous scan:


Except, in the 'Customization' panel, we will have the ability to choose our Login Sequence (marked in blue):



Once the scanning is started, we can see the progress under 'Automated Scanning':

Scanning a router using WiHawk

As mentioned in Part 1, IronWASP is bundled with additional modules created by independent security researchers. One of those modules is WiHawk, which is used to find a vulnerability in a router. It is found under the Modules tab, under Vulnerability Scanners:

When clicked, it will show you some information regarding the module and ask permission to Run it:

Once the module is loaded, it will show you three options:

  • Scan Single IP
  • Scan Range of IP's
  • Scan using Shodan

For now, we will be Scanning a Single IP:

Moreover, as we can see, the router is vulnerable and has the default username and password set to admin.


Conclusion

IronWASP is not a tool recommended for beginners. Although there are features that beginners can understand, its UI and unclear context make it difficult to start right off the bat. Although there are numerous features available, the learning curve can be steep for many.

Chiragh Dewan

A creative problem-solving full-stack web developer with expertise in Information Security Audit, Web Application Audit, Vulnerability Assessment, and Penetration Testing/Ethical Hacking, as well as previous experience in Artificial Intelligence, Machine Learning, and Natural Language Processing. He has also been recognised by various companies such as Facebook, Google, Microsoft, PayPal, Netflix, Blackberry, etc. for reporting various security vulnerabilities. He has also given various talks on Artificial Intelligence and Cyber Security, including at a TEDx event.