Security

Wapiti – web-application vulnerability scanner

Security

Wapiti allows you to audit the security of your websites or web applications.

It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

This is free and open source software.

The software’s modules offer the following features:

  • SQL Injections (Error based, boolean based, time based) and XPath Injections.
  • Cross Site Scripting (XSS) reflected and permanent.
  • File disclosure detection (local and remote include, require, fopen, readfile….).
  • Command Execution detection (eval(), system(), passtru()…).
  • XXE (Xml eXternal Entity) injection.
  • CRLF Injection.
  • Search for potentially dangerous files on the server.
  • Bypass of weak htaccess configurations.
  • Search for copies (backup) of scripts on the server.
  • Shellshock.
  • Folder and file enumeration (DirBuster like).
  • Server Side Request Forgery (through use of an external Wapiti website).
  • Open Redirects.
  • Detection of uncommon HTTP methods (like PUT).
  • Basic CSP Evaluator.
  • Brute Force login form (using a dictionary list).
  • Checking HTTP security headers.
  • Checking cookie security flags (secure and httponly flags).
  • Cross Site Request Forgery (CSRF) basic detection.
  • Fingerprinting of web applications using the Wappalyzer database.
  • Enumeration of WordPress and Drupal modules.
  • Detection of subdomain takeovers vulnerabilities.
  • Log4Shell vulnerability detection.
  • Check for TLS misconfiguration and vulnerabilities.

Features include:

  • Generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).
  • Can suspend and resume a scan or an attack (session mechanism using sqlite3 databases).
  • Can give you colors in the terminal to highlight vulnerabilities.
  • Different levels of verbosity.
  • Fast and easy way to activate/deactivate attack modules.
  • Adding a payload can be as easy as adding a line to a text file.
  • Configurable number of concurrent tasks to perform HTTP requests.

Website: wapiti-scanner.github.io
Support: GitHub Code Repository
Developer: Nicolas Surribas
License: GNU General Public License v2.0

Wapiti is written in Python. Learn Python with our recommended free books and free tutorials.

Popular series
Free and Open Source SoftwareThe largest compilation of the best free and open source software in the universe. Each article is supplied with a legendary ratings chart helping you to make informed decisions.
ReviewsHundreds of in-depth reviews offering our unbiased and expert opinion on software. We offer helpful and impartial information.
The Big List of Active Linux Distros is a large compilation of actively developed Linux distributions.
Alternatives to Proprietary SoftwareReplace proprietary software with open source alternatives: Google, Microsoft, Apple, Adobe, IBM, Autodesk, Oracle, Atlassian, Corel, Cisco, Intuit, and SAS.
GamesAwesome Free Linux Games Tools showcases a series of tools that making gaming on Linux a more pleasurable experience. This is a new series.
Artificial intelligence iconMachine Learning explores practical applications of machine learning and deep learning from a Linux perspective. We've written reviews of more than 40 self-hosted apps. All are free and open source.
Guide to LinuxNew to Linux? Read our Linux for Starters series. We start right at the basics and teach you everything you need to know to get started with Linux.
Alternatives to popular CLI tools showcases essential tools that are modern replacements for core Linux utilities.
System ToolsEssential Linux system tools focuses on small, indispensable utilities, useful for system administrators as well as regular users.
ProductivityLinux utilities to maximise your productivity. Small, indispensable tools, useful for anyone running a Linux machine.
AudioSurveys popular streaming services from a Linux perspective: Amazon Music Unlimited, Myuzi, Spotify, Deezer, Tidal.
Saving Money with LinuxSaving Money with Linux looks at how you can reduce your energy bills running Linux.
Home ComputersHome computers became commonplace in the 1980s. Emulate home computers including the Commodore 64, Amiga, Atari ST, ZX81, Amstrad CPC, and ZX Spectrum.
Now and ThenNow and Then examines how promising open source software fared over the years. It can be a bumpy ride.
Linux at HomeLinux at Home looks at a range of home activities where Linux can play its part, making the most of our time at home, keeping active and engaged.
Linux CandyLinux Candy reveals the lighter side of Linux. Have some fun and escape from the daily drudgery.
DockerGetting Started with Docker helps you master Docker, a set of platform as a service products that delivers software in packages called containers.
Android AppsBest Free Android Apps. We showcase free Android apps that are definitely worth downloading. There's a strict eligibility criteria for inclusion in this series.
Programming BooksThese best free books accelerate your learning of every programming language. Learn a new language today!
Programming TutorialsThese free tutorials offer the perfect tonic to our free programming books series.
Linux Around The WorldLinux Around The World showcases usergroups that are relevant to Linux enthusiasts. Great ways to meet up with fellow enthusiasts.
Stars and StripesStars and Stripes is an occasional series looking at the impact of Linux in the USA.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Please read our FAQ before making a comment.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments