Wapiti – Web Application Vulnerability Scanner

August 15, 2017 (updated November 18, 2017)
Wapiti is an open source command-line application that you can use to audit the security of your web applications.

It performs “black-box” scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed web app, looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Wapiti can detect the following vulnerabilities:
  • File disclosure (Local and remote include/require, fopen, readfile…)
  • Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
  • XSS (Cross Site Scripting) injection (reflected and permanent)
  • Command Execution detection (eval(), system(), passthru()…)
  • CRLF Injection (HTTP Response Splitting, session fixation…)
  • XXE (XML eXternal Entity) injection
  • Use of known potentially dangerous files (thanks to the Nikto database)
  • Weak .htaccess configurations that can be bypassed
  • Presence of backup files giving sensitive information (source code disclosure)
Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload).
It will display a warning when an anomaly is found (for example 500 errors and timeouts).

Features:

  • Generates vulnerability reports in various formats (HTML, XML, JSON, TXT…)
  • Can suspend and resume a scan or an attack
  • Can give you colors in the terminal to highlight vulnerabilities
  • Different levels of verbosity
  • Fast and easy way to activate/deactivate attack modules
  • Adding a payload can be as easy as adding a line to a text file
  • Supports HTTP and HTTPS proxies
  • Authentication via several methods: Basic, Digest, Kerberos or NTLM
  • Ability to restrict the scope of the scan (domain, folder, web page)
  • Automatic removal of a parameter in URLs
  • Safeguards against scan endless-loops (max number of values for a parameter)
  • Possibility to set the first URLs to explore (even if not in scope)
  • Can exclude some URLs from the scan and attacks (e.g. logout URL)
  • Import of cookies (get them with the wapiti-cookie and wapiti-getcookie tools)
  • Can activate / deactivate SSL certificates verification
  • Extract URLs from Flash SWF files
  • Tries to extract URLs from JavaScript (very basic JS interpreter)
  • HTML5 aware (understands recent HTML tags)

Usage:

python wapiti.py http://server.com/base/url/ [options]

Options:

-s <url> 
 --start <url> 
 	To specify an url to start with. This option can be called several times.
 	Wapiti will browse these links to find more URLs even if the specified link is
        not in the scope.

-x <url> 
 --exclude <url> 
 	To exclude an URL from the scan (eg: logout URLs). This option can be called 
        several times to specify several URLs.
 	Wildcards (*) can be used in URLs for basic regex.
 	Example : -x http://server/base/?page=*&module=test
 	or -x http://server/base/admin/* to exclude a directory.

 
-p <url_proxy> 
 --proxy <url_proxy> 
 	To specify a proxy. Currently supported proxies are HTTP and HTTPS.
 	This option can be called twice to specify the HTTP and the HTTPS proxy.
 	Example: -p http://proxy:port/

 -c <cookie_file> 
 --cookie <cookie_file> 
 	To import cookies to use for the scan. The cookie file must be in JSON format.
 	Cookies can be grabbed using the cookie.py and getcookie.py utilities 
        (net directory).
 
-t <timeout> 
 --timeout <timeout> 
 	To set the timeout (maximum time in seconds to wait for the server to send a 
        response).
 
-a <login%password> 
 --auth <login%password> 
 	Set credentials for HTTP authentication.

 --auth-method <method>
 	If the server requires an authentication, set the authentication method to use.
 	Currently supported methods are (some require additional modules to install):
 		+ basic
 		+ digest
 		+ kerberos
 		+ ntlm

 -r <parameter_name> 
 --remove <parameter_name> 
 	Remove a parameter (name and value) from URLs.

-n <limit> 
 --nice <limit> 
 	Define a limit of URLs to browse with the same pattern (ie, the maximum number 
        of unique values for the same parameter).
 	Use this option to prevent endless loops during scan. Limit must be greater 
        than 0.

-m <module_options>
 --module <module_options>
 	Set the modules (and HTTP methods for each module) to use for attacks.
 	Prefix a module name with a dash to deactivate the related module.
 	To only browse the target (without sending any payloads), deactivate every 
        module with -m "-all".
 	If you don't specify the HTTP methods, GET and POST will be used.
 	Example: -m "-all,xss:get,exec:post"

 -u 
 --color 
 	Use colors to highlight vulnerabilities and anomalies in output. 

 -v <level> 
 --verbose <level> 
 	Set the verbosity level. 
 	0: quiet (default), 1: print each URL, 2: print every attack. 

 -b <scope>
 --scope <scope>
 	Set the scope of the scan:
 		+ page: to analyse only the page given as the root URL.
 		+ folder: to analyse all the URLs under the root URL passed to Wapiti 
                  (default).
 		+ domain: to analyse all the links to the pages which are in the same 
                  domain as the URL passed to Wapiti.

 -f <type_file> 
 --format <type_file> 
 	Set the format type for the report. 
 	json: Report in JSON format 
 	html: Report in HTML format (default)
 	openvas: Report in OpenVAS XML format 
 	txt: Report in plain text (UTF-8) 
 	vulneranet: Report in VulneraNET (XML based) format 
 	xml: Report in XML format 

 -o <output> 
 --output <output_file> 
 	Set the name of the report file. 
 	If the selected report format is 'html', this parameter will be used 
        as a directory name.

 -i <file>
 --continue <file>
 	This parameter indicates to Wapiti to resume the previous scan saved in the
        specified XML status file.
 	The file name is optional, if not specified, Wapiti takes the default file 
        from the "scans" folder.

 -k <file>
 --attack <file>
 	This parameter indicates to Wapiti to resume the attacks without scanning the 
        website again, loading the scan status from the specified file.
 	The file name is optional, if it is not specified, Wapiti takes the default 
        file from the "scans" folder.

 --verify-ssl <0|1>
 	This parameter indicates whether Wapiti must check SSL certificates.
 	Default is to verify certificates

 -h 
 --help 
 	To print this usage message
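
Before scanning an application you are authorised to test, it helps to check which URLs the -b scope and -x exclude patterns will actually let the scanner touch. The following is an added example, not Wapiti's own code: it models the scope and wildcard behaviour as documented in the options above, and the function names and the staging.example URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def wildcard_rule(pattern):
    """'*' matches any run of characters; everything else is literal."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))

def in_scope(url, root, scope="folder"):
    """Model of the documented -b values: page, folder (default), domain."""
    u, r = urlsplit(url), urlsplit(root)
    if scope == "page":      # only the root page itself (query string ignored here)
        return (u.scheme, u.netloc, u.path) == (r.scheme, r.netloc, r.path)
    if scope == "folder":    # everything under the root URL's directory
        path = r.path or "/"
        prefix = f"{r.scheme}://{r.netloc}{path[:path.rfind('/') + 1]}"
        return url.startswith(prefix)
    if scope == "domain":    # any page on the same host
        return u.hostname == r.hostname
    raise ValueError("scope must be page, folder or domain")

def plan(urls, root, scope="folder", excludes=()):
    """Label each URL 'excluded', 'scan' or 'out-of-scope'; excludes win."""
    rules = [wildcard_rule(p) for p in excludes]
    verdicts = {}
    for url in urls:
        if any(rule.fullmatch(url) for rule in rules):
            verdicts[url] = "excluded"
        elif in_scope(url, root, scope):
            verdicts[url] = "scan"
        else:
            verdicts[url] = "out-of-scope"
    return verdicts

# Constructed sample data: a staging site you are authorised to test.
ROOT = "http://staging.example/base/"
EXCLUDES = ["http://staging.example/base/logout*",
            "http://staging.example/base/admin/*",
            "http://staging.example/base/?page=*&module=test"]
URLS = ["http://staging.example/base/index.php?page=1",
        "http://staging.example/base/logout.php",
        "http://staging.example/base/admin/users?id=3",
        "http://staging.example/base/?page=5&module=test",
        "http://staging.example/other/report",
        "http://cdn.example/lib.js"]

if __name__ == "__main__":
    for url, verdict in plan(URLS, ROOT, "folder", EXCLUDES).items():
        print(f"{verdict:13} {url}")
```

Running the same URL list with scope "domain" shows how much wider the crawl becomes, which is worth checking before a logout or admin URL ends up outside your exclude patterns.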

Download Wapiti
