WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” methods.
WAScan is built on python2.7 and can run on any platform which has a Python environment.
Features
-
Fingerprint
- Detect Server
- Detect Web Frameworks (22)
- Check Cookie Security
- Check Headers Security
- Detect Language (9)
- Detect Operating System (OS – 8)
- Detect Content Management System (CMS – 6)
- Detect Web Application Firewall (WAF – 54)
-
Attacks
- Bash Command Injection (ShellShock)
- Blind SQL Injection
- SQL Injection via Cookie,Referer and User-Agent Header Value
- Cross-Site Scripting (XSS) via Cookie,Referer and User-Agent Header Value
- Buffer Overflow
- HTML Code Injection
- PHP Code Injection
- LDAP Injection
- Local File Inclusion (lfi)
- OS Commanding
- SQL Injection
- XPath Injection
- Cross Site Scripting (XSS)
-
Audit
- Apache Status
- WebDav
- PHPInfo
- Robots Paths
- Cross-Site Tracing (XST)
-
Bruteforce
- Admin Panel
- Backdoor (shell)
- Backup Dirs
- Backup Files
- Common Dirs
- Common Files
-
Disclosure
- Credit Cards
- Emails
- Private IP
- SSN
- Detect Warnings,Fatal Error,…
Installation
$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan
$ pip install -r requirements.txt
$ python wascan.py
