Tests

Cohesion comes with a number of security tests. All tests are selected by default. You can, however, select specific tests from the list bellow. For more information on how to select tests, consult with the common options manual.

$ cohesion show tests

┌─────────────────────┬────────────────────────────────────┐
│ Name                │ Description                        │
├─────────────────────┼────────────────────────────────────┤
│ reflectedcli        │ Test for reflected command line    │
│                     │ injection vulnerabilities.         │
├─────────────────────┼────────────────────────────────────┤
│ reflectedcrlfi      │ Test for CR/LF injection           │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ reflectedeli        │ Test for reflected expression      │
│                     │ injection vulnerabilities.         │
├─────────────────────┼────────────────────────────────────┤
│ reflectedlfi        │ Test for local file include        │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ phplfi              │ Test for local file include        │
│                     │ vulnerabilities (php varient).     │
├─────────────────────┼────────────────────────────────────┤
│ reflectedrfi        │ Test for remote file include       │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ reflectedrci        │ Test for remote code injection     │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ reflectedrciphp     │ Test for remote code injection     │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ reflectedredir      │ Test for reflected open redirect   │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ vanilasqli          │ Test for vanila (error-based) SQL  │
│                     │ Injection vulnerabilities.         │
├─────────────────────┼────────────────────────────────────┤
│ reflectedsqli       │ Test for reflected SQL Injection   │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ timedsqli           │ Test for time-based SQL Injection  │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ booleansqli         │ Test for boolean SQL Injection     │
│                     │ vulnerabilities.                   │
├─────────────────────┼────────────────────────────────────┤
│ reflectedxss        │ Test for reflected Cross-site      │
│                     │ Scripting vulnerabilities.         │
├─────────────────────┼────────────────────────────────────┤
│ domxss              │ Test for dom-based Cross-site      │
│                     │ Scripting vulnerabilities.         │
├─────────────────────┼────────────────────────────────────┤
│ persistentxss       │ Test for persistent Cross-site     │
│                     │ Scripting vulnerabilities.         │
├─────────────────────┼────────────────────────────────────┤
│ reflectedxxe        │ Test for reflected XML Entity      │
│                     │ Injection vulnerabilities.         │
└─────────────────────┴────────────────────────────────────┘