DownloadWapiti is a vulnerability scanner for web applications.
It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects...
It use the Python 3 programming language.
Features
- Fast and easy to use
- Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
- Can suspend and resume a scan or an attack
- Can give you colors in the terminal to highlight vulnerabilities
- Different levels of verbosity
- Adding a payload can be as easy as adding a line to a text file
- Support HTTP and HTTPS proxies
- Authentication via several methods : Basic, Digest, Kerberos or NTLM
- Ability to restrain the scope of the scan (domain, folder, webpage)
- Safeguards against scan endless-loops (max number of values for a parameter)
- Can exclude some URLs of the scan and attacks (eg: logout URL)
- Extract URLs from Flash SWF files
- Try to extract URLs from javascript (very basic JS interpreter)
- ... and more features described on the website !
Project Samples
License
GNU General Public License version 2.0 (GPLv2)
You Might Also Like
Our Free Plans just got better! | Auth0 by Okta
You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your secuirty. Auth0 now, thank yourself later.
Rate This Project
Login To Rate This Project
User Reviews
-
Very well done. We have been looking at tools to help secure web applications. They were either obnoxiously overpriced or just did not have the flexibility we were looking for. This has, so far, been quite easy to use and take the information to properly secure the applications.
-
Nice project ;-)
-
i have problem when want to using wapiti?? Wapiti-2.2.1 (wapiti.sourceforge.net) Traceback (most recent call last): File "wapiti.py", line 447, in <module> wap.browse(crawlerFile) File "wapiti.py", line 241, in browse self.urls, self.forms = self.HTTP.browse(crawlerFile) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/HTTP.py", line 74, in browse self.myls.go(crawlerFile) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/lswww.py", line 499, in go headers = self.browse(lien) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/lswww.py", line 205, in browse info, data = self.h.request(url, headers = self.cookiejar.headers_url(url)) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 1084, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 888, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 856, in _conn_request raise ServerNotFoundError("Unable to find the server at %s" % conn.host) net.httplib2.ServerNotFoundError: Unable to find the server at -u anyone can help me please???
-
Nice and Easy to use.
-
good job