Support
Knowledge Base Nodes

Google Web Toolkit Node

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

Google Web Toolkit (GWT) is an open-source toolkit that enables developers to develop and debug AJAX applications in the Java language. The toolkit translates this code into browser-compliant JavaScript and HTML. This translation, however, does not make JavaScript code secure. Similar to other JavaScript, it can be vulnerable to several types of security exploits.

Invicti helps you to become aware of any GWT-RPC requests that are identified during a scan. When such requests are identified, it means that a web application built with Google Web Toolkit is running on the target server. They are sometimes referred to as GWT Requests. You can use the parameter name listed in the node Google Web Toolkit to configure a default value that can be used during the attack phase of the Scan. To add the default value, you specify it in Form Values in the Scan Policy settings and from the Match column, then select Exact.

Once the scan is completed, all Google Web Toolkit use is listed under the Google Web Toolkit node in the Knowledge Base. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.

Invicti forms Knowledge Base nodes upon its findings. If Google Web Toolkit node is not listed, it means that Invicti did not find any.

For further information, see Knowledge Base Nodes.

How to View the Google Web Toolkit Node in Invicti Enterprise
  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  3. Next to the relevant website, click Report.
  4. From the Technical Report section, click the Knowledge Base tab.
  5. Click the Google Web Toolkit node. The information is displayed in a Google Web Toolkit tab.

How to View the Google Web Toolkit Node in Invicti Standard
  1. Open Invicti Standard
  2. Start a Scan or open a previously saved scan.
  3. The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)

  1. Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
  2. Click the Google Web Toolkit node in the Knowledge Base. All detected Google Web Toolkit use is displayed in the Knowledge Base Viewer.