Wapiti is a vulnerability scanner for web applications.
It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects...
It use the Python 3 programming language.
...Insecure Direct Object References (IDOR): Scans for vulnerabilities that might enable attackers to access unauthorized data by manipulating direct object references.
Open Ports: Detects open ports on the target web server to understand its potential attack surface.
Content Security Policy (CSP): Checks if the website has a properly configured CSP to mitigate XSS and other injection
RCE