Date: 2025-01-23

The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception.

The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and deception techniques. It features a built-in crawler to discover additional URLs for testing. The tool is designed to adapt to specific web caches for enhanced testing efficiency, is customizable, and integrates into existing CI/CD pipelines.

Features

Analyzing a web cache before testing and adapting to it for more efficient testing

Generating a report in JSON format

Crawling websites for further URLs to scan

Routing traffic through a proxy

Limiting requests per second to bypass rate limiting

Web Cache Vulnerability Scanner supports nine advanced web cache poisoning techniques, including:

Unkeyed header poisoning

Unkeyed parameter poisoning

Parameter cloaking

Fat GET

HTTP response splitting

HTTP request smuggling

HTTP header oversize (HHO)

HTTP meta character (HMC)

HTTP method override (HMO)

Web Cache Vulnerability Scanner is available for free on GitHub.

