DURSGO
WEB APPLICATION SCANNER WITH AI ANALYSIS
WWW.2025.IDSECCONF.ORG
ABOUT ME
CONTENT CREATOR
RESEARCHER
SECURITY GUARD (SATPAM) AT PUNGGAWA CYBERSECURITY
KANG ALI
#IDSECCONF2025
WWW.ROOMKANGALI.COM
OUTLINE
DURS PROJECT
DEVELOPMENT
FEATURE & WORKFLOW
SCANNERS DURSGO
DEMO
ROADMAP
DURS PROJECT
Research and Development Ecosystem in the field of Cyber Security.
DursGo : Web Vulnerability Scanner With AI Analysis
LabVulnerDursGo : Vulnerable lab environment
DursVulnNSE : Nmap Script Engine (NSE)
DursVuln-Database : Centralized DursVulnNSE database
DursBurp : AI Extension for Burp Suite
DursNet : Platform Vulnerability Scanner
DursRAG : System designed to act as a cybersecurity assistant.
DursLLM : Model LLM AI Vulnerability
DursMCP : Management and Control platform AI
[Diagram: DURS PROJECT ecosystem: DursGo, DursRAG, DursVuln-Database, DursNET, LabVulnerDursGo, DursMCP, DursBurp, DursVulnNSE, DursLLM - Tunnelling-AI]
DURSGO DOWNLOAD
DursGo is a web application security scanner designed for penetration testing and automated security audits. Built with Go, DursGo combines high-performance scanning with AI-powered analysis to deliver intelligent and actionable security insights.
Link Repo dursgo: https://github.com/roomkangali/dursgo
Link Repo LabVulnerDursGo: https://github.com/roomkangali/LabVulnerDursGo
dursgo Ver 1.0.0: Web Application Security scanner designed for penetration testing and automated security audits.
dursgo Ver 1.1.0: AI-powered analysis to deliver intelligent and actionable security insights
dursgo Ver 1.2.0: New module subdomain scanner attack surface by finding and validating active subdomains
DURSGO DEVELOP
DURSGO CLI
DURSGO VULNERABILITY LABS
A collection of vulnerable applications
to test the DursGo scanner.
FEATURES DURSGO
- AI-Powered Analysis: Integrates with LLMs (Gemini, Groq) to provide detailed analysis, root cause summaries, and specific code remediation advice for discovered vulnerabilities.
- OAST (Out-of-Band) Integration: Detects blind vulnerabilities through out-of-band verification.
- Intelligent, Context-Aware Scanning: Detects a wide range of vulnerabilities using context-aware logic for high accuracy.
- Comprehensive Authentication Support: Capable of scanning applications protected by login forms, bearer tokens, or session cookies.
- In-Depth Automated Discovery: Performs comprehensive crawling of web applications, including JavaScript-based SPAs and API endpoints.
- Flexible Configuration: Highly customizable via both YAML configuration files and command-line flags.
DURSGO SCANNER FLOWCHART
This flowchart illustrates the detailed workflow of the Dursgo scanner when initiated with command-line flags like -u, -s, etc.
INITIALIZATION
Dursgo starts with command-line flags processing
Primary source for scan settings (overrides config.yaml)
./dursgo -u http://example.com -c 10 -r 3 -s xss,sqli
./dursgo -u http://example.com -c 10 -r 3 -s blindssrf --oast
./dursgo -u http://spa.example.com -c 10 -r 3 -s domxss -render-js
The --enable-ai flag must be used in conjunction with the -output-json flag, as the AI analysis is only added to the JSON report file.
PRE-SCAN SETUP
Component initialization, technology fingerprinting
• HTTP Client
• OAST Client
• Headless Browser
⚠️ Authentication DISABLED for safety when using -u flag
🌐 To detect DOM-based XSS, JavaScript rendering must be enabled. This requires a headless browser (Chrome/Chromium) to be installed.
DISCOVERY - CRAWLING
Concurrent crawling engine discovers endpoints & parameters
• Robots.txt & Sitemaps
• HTML & JS Links
• Forms & Parameters
• Hidden Parameters
Output: List of parameterized requests ready for scanning
VULNERABILITY SCANNING
SCANNERS: -s string
Scanners to run, comma-separated (e.g., xss,sqli,idor). Use 'all' to run all scanners, 'none' for crawling only.
Available Scanners: none, xss, sqli, lfi, openredirect, ssrf, exposed, idor, csrf, cmdinjection, ssti, securityheaders, cors, fileupload, bola, massassignment, graphql, blindssrf, domxss, subdomain
REPORTING
AI-powered analysis & report generation
• LLM Analysis
• Console Display
• JSON Report
🤖 AI Analysis: Sends each finding to configured LLM (Gemini, Groq, etc.) for detailed summary, root cause analysis, and code remediation advice
✅ Complete security assessment delivered
DURSGO SCANNER FLOWCHART
This flowchart illustrates the detailed workflow of the Dursgo scanner when initiated with a config.yaml file.
INITIALIZATION
Dursgo starts with config.yaml as primary configuration source
config.yaml: Primary source for all settings: target, ai, auth, scanners, etc.
PRE-SCAN SETUP
Authentication handling & component initialization
🔐 Authentication ENABLED when configured in config.yaml
🌐 Dynamic Form Login: Sends POST to auth.login_url with auth.login_data, verifies with auth.login_check_keyword, captures session cookies
🔑 Static Credentials: Applies auth.cookie and/or auth.headers to HTTP client
DISCOVERY - CRAWLING
Concurrent crawling engine discovers endpoints & parameters
• Robots.txt & Sitemaps
• HTML & JS Links
• Forms & Parameters
• Hidden Parameters
Output: List of parameterized requests ready for scanning
VULNERABILITY SCANNING
SCANNERS: -s string
Scanners to run, comma-separated (e.g., xss,sqli,idor). Use 'all' to run all scanners, 'none' for crawling only.
Available Scanners: none, xss, sqli, lfi, openredirect, ssrf, exposed, idor, csrf, cmdinjection, ssti, securityheaders, cors, fileupload, bola, massassignment, graphql, blindssrf, domxss, subdomain
REPORTING
AI-powered analysis & report generation
• LLM Analysis
• Console Display
• JSON Report
🤖 AI Analysis: Sends each finding to configured LLM (Gemini, Groq, etc.) for detailed summary, root cause analysis, and code remediation advice
✅ Complete security assessment delivered
DURSGO INSTALL
Go Language: Requires Go version 1.23 or newer.
To install Go, visit: https://golang.org/doc/install
Clone the Repository:
git clone https://github.com/roomkangali/dursgo.git
cd dursgo
Build the Application:
go build -o dursgo ./cmd/dursgo
(Optional) Copy the Binary to the System PATH:
sudo cp dursgo /usr/local/bin/
Next Ver. Install:
go install github.com/roomkangali/dursgo/cmd/dursgo@latest
AVAILABLE SCANNERS DURSGO
- none - A special option to perform crawling only, without vulnerability scanning.
- blindssrf - Detects Blind SSRF vulnerabilities (requires -oast flag).
- cmdinjection - Detects Command Injection vulnerabilities (supports OAST - requires -oast flag).
- domxss - Detects DOM-Based XSS vulnerabilities (requires --render-js flag).
- bola - Detects Broken Object Level Authorization (BOLA) vulnerabilities.
- cors - Detects Cross-Origin Resource Sharing (CORS) misconfigurations.
- csrf - Detects Cross-Site Request Forgery (CSRF) vulnerabilities.
- exposed - Detects exposed sensitive files, directories, and directory listings.
- fileupload - Detects Unrestricted File Upload vulnerabilities.
- graphql - Detects vulnerabilities in GraphQL APIs (e.g., introspection, injection).
- idor - Detects Insecure Direct Object Reference (IDOR) vulnerabilities.
- lfi - Detects Local File Inclusion (LFI) vulnerabilities.
- massassignment - Detects Mass Assignment vulnerabilities.
- openredirect - Detects Open Redirect vulnerabilities.
- securityheaders - Detects missing or misconfigured HTTP security headers.
- sqli - Detects SQL Injection vulnerabilities.
- ssrf - Detects in-band Server-Side Request Forgery (SSRF) vulnerabilities.
- ssti - Detects Server-Side Template Injection (SSTI) vulnerabilities.
- xss - Runs both XSS scanners: xss-reflected and xss-stored.
- xss-reflected - Detects Reflected XSS vulnerabilities.
- xss-stored - Detects Stored XSS vulnerabilities.
COMMAND-LINE OPTIONS
RUNNING DURSGO
The following commands demonstrate how to quickly run DursGo with different scanning modes and features.
Each example highlights specific use cases such as basic vulnerability detection
Basic Scan
./dursgo -u http://example.com -c 10 -r 3 -s xss,sqli
Scan with OAST (Out-of-Band)
To run a scanner that relies on OAST, use the --oast flag.
./dursgo -u http://example.com -c 10 -r 3 -s blindssrf --oast
./dursgo -u http://example.com -c 10 -r 3 -s cmdinjection --oast
# Avoid: Running multiple OAST scanners together may lead to correlation issues.
Scan for DOM XSS using -render-js
To detect DOM-based XSS, JavaScript rendering must be enabled. This requires a headless browser (Chrome/Chromium) to be installed.
./dursgo -u http://spa.example.com -c 10 -r 3 -s domxss -render-js
Scan with AI-Powered Analysis
To enrich findings with analysis from an LLM, use the --enable-ai flag. This requires the ai section to be configured in config.yaml.
./dursgo -u http://example.com/ -c 10 -r 3 -s ssrf --enable-ai -output-json report.json
The --enable-ai flag must be used in conjunction with the -output-json flag, as the AI analysis is only added to the JSON report file.
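The flag rules stated on these slides (blindssrf needs --oast, domxss needs -render-js and a browser, --enable-ai needs -output-json, OAST scanners run one at a time, -u disables authentication) can be checked before a scan is launched. The Go program below is an added example, not part of DursGo or the talk; its function names, the browser binary names it looks for, and its acceptance of one or two leading dashes are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Options is the subset of DursGo flags whose combinations the slides constrain.
type Options struct {
	Scanners                         map[string]bool
	OAST, RenderJS, EnableAI, ByFlag bool // ByFlag: target given with -u
	OutputJSON                       string
}

// Parse accepts one or two leading dashes and -flag=value (assumed, not confirmed for DursGo).
func Parse(args []string) Options {
	o := Options{Scanners: map[string]bool{}}
	for i, a := range args {
		if !strings.HasPrefix(a, "-") {
			continue // a flag's value; read when the flag itself is handled
		}
		name, val, hasVal := strings.Cut(strings.TrimLeft(a, "-"), "=")
		if !hasVal && i+1 < len(args) && !strings.HasPrefix(args[i+1], "-") {
			val = args[i+1]
		}
		switch name {
		case "u":
			o.ByFlag = true
		case "s":
			for _, s := range strings.Split(val, ",") {
				o.Scanners[strings.TrimSpace(s)] = true
			}
		case "oast":
			o.OAST = true
		case "render-js":
			o.RenderJS = true
		case "enable-ai":
			o.EnableAI = true
		case "output-json":
			o.OutputJSON = val
		}
	}
	return o
}

// Check returns one message per broken rule; 'all' is read as selecting every scanner.
func Check(o Options, haveBrowser bool) []string {
	has := func(s string) bool { return o.Scanners[s] || o.Scanners["all"] }
	rules := []struct {
		broken bool
		msg    string
	}{
		{has("blindssrf") && !o.OAST, "blindssrf requires --oast"},
		{has("domxss") && !o.RenderJS, "domxss requires -render-js"},
		{o.RenderJS && !haveBrowser, "-render-js needs Chrome or Chromium installed"},
		{o.EnableAI && o.OutputJSON == "", "--enable-ai needs -output-json <file>"},
		{o.OAST && has("blindssrf") && has("cmdinjection"), "run OAST scanners one at a time"},
		{o.ByFlag && (has("idor") || has("bola")), "-u disables authentication: idor/bola run unauthenticated"},
	}
	var out []string
	for _, r := range rules {
		if r.broken {
			out = append(out, r.msg)
		}
	}
	return out
}

// HaveBrowser looks for a browser on PATH; the binary names are this example's guess.
func HaveBrowser() bool {
	for _, b := range []string{"google-chrome", "chromium", "chromium-browser"} {
		if _, err := exec.LookPath(b); err == nil {
			return true
		}
	}
	return false
}

func main() {
	problems := Check(Parse(os.Args[1:]), HaveBrowser())
	for _, p := range problems {
		fmt.Fprintln(os.Stderr, "preflight:", p)
	}
	if len(problems) > 0 {
		os.Exit(1)
	}
}
```

Run it with the same arguments intended for dursgo; a non-zero exit means at least one rule from the slides is not met.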
CONFIGURATION (CONFIG.YAML)
General Settings
This section contains the core parameters for the scan.
- target: The URL to be scanned.
- concurrency: The number of concurrent threads to use for the scan.
- max_depth: The maximum depth for the crawler.
- scanners_to_run: A comma-separated string of the scanners to be executed (e.g., "xss,sqli").
- oast: A boolean (true/false) to enable or disable Out-of-Band Application Security Testing (OAST).
- render_js: A boolean (true/false) to enable or disable JavaScript rendering in a headless browser.
- user_agent: The User-Agent string to be used for all HTTP requests.
- verbose: A boolean (true/false) to enable or disable verbose logging.
- format: The output format for the report (e.g., "json").
- output_file: The name of the file where the report will be saved (e.g., "report-scan.json").
AI (LLM) Integration Settings
- enabled: A boolean (true/false) to enable or disable AI analysis. Can be overridden by the --enable-ai flag.
- provider: The LLM provider to use. Supported: "gemini", "groq".
- api_key: Your API key for the selected provider.
- model: The specific model name to use (e.g., "gemini-2.0-flash", "meta-llama/llama-4-scout-17b-16e-instruct").
Authentication Configuration
- Form-Based Authentication (Dynamic Login)
- Cookie-Based Authentication (Static)
- Header-Based Authentication (Static)
- Auth-Token Based Authentication (Static)
DEMO SCAN - TEST SITE FOR ACUNETIX WVS.
Using the classic test target http://testphp.vulnweb.com/, we’ll demonstrate how Dursgo can quickly crawl, discover parameters, and scan for vulnerabilities.
JSON REPORT
DEMO SCAN - VULNLAB
Using the VulnLab we’ll show how Dursgo can efficiently crawl, discover parameters, and detect multiple classes of web application vulnerabilities.
SSTI (Server-Side Template Injection)
File Upload Vulnerability
OAST BLIND VULNERABILITY
Contains both Blind SSRF and Blind Command Injection vulnerabilities, detectable via OAST.
Blind SSRF
Blind Command Injection
LAB PORTSWIGGER PART I
Using hands-on labs from PortSwigger Web Security Academy, we’ll showcase how Dursgo can efficiently crawl, discover parameters, and detect common vulnerabilities.
Detecting client-side vulnerabilities where untrusted web messages can trigger DOM-based XSS.
Authentication Login
Scanner identifies endpoints lacking CSRF protection without auto-exploitation.
AI-POWERED ANALYSIS I
With the AI analysis agent enabled, Dursgo not only scans for vulnerabilities but also provides intelligent insights and reports in JSON format.
We’ll run three different scenarios to showcase how Dursgo can detect LFI, GraphQL, and SSRF vulnerabilities.
Interactive HTML report showcasing AI insights
AI-POWERED ANALYSIS II
This demonstration uses the IDOR & Stored XSS Lab, which requires authentication and is designed to simulate real-world access control and persistent injection flaws.
DursGo delivers high-performance scanning combined with AI-powered analysis (enabled via config.yaml) to provide intelligent and actionable insights.
Interactive HTML report showcasing AI insights
PLAYLIST YOUTUBE DURSGO
https://github.com/roomkangali/LabVulnerDursGo
https://www.youtube.com/@RoomKangAli
DEVELOPMENT ROADMAP
LLM & AI Integration Enhancements
API Scanning Enhancements
Enhancements to Existing Scanner Modules
New Scanner Modules
Reporting & Output Improvements
New Scanner : subdomain finder
FAQ DURSGO
Why is the scan taking so long, especially with -s all?
The total number of tests is a product of (URLs) x (Parameters) x (Payloads) x (Scanners). On large sites, this can result in a very high number of HTTP requests, leading to long scan times.
What do I need to install to use the -render-js or -s domxss flags?
These features require a headless browser to execute JavaScript. Either Google Chrome or Chromium must be installed on the system. The scanner will automatically detect the installed browser.
Why dursgo not build scanner with AI?
After research, for now AI just supports analysis, because I'm not LLM support to scanner vulnerability with AI.
Contributing
Contributions are welcome! Please create an issue or pull request to report bugs or add new features.
#PRAYERS FOR THE LATE OM ARIF AND PAK IWAN
thank you
[ QUESTION ]
IDSECCONF2025 - Ali - DursGo–Web Security Scanner with AI Analysis.pdf
