File       Date        Author      Commit
data       2024-11-11  Trix Cyrus  [26c326] v5.2.1
demo       2024-09-27  Trix Cyrus  [fd4eb8] ssti
extras     2024-10-02  Trix Cyrus  [431a49] v2.4.1
lib        2024-11-13  Trix Cyrus  [2b7b58] v5.3.1
session    2024-09-20  Trix Cyrus  [6f8d2d] final
LICENSE    2024-10-22  Trix Cyrus  [4dd05e] Updated to version 4.8.7
README.md  2024-11-13  Trix Cyrus  [2b7b58] v5.3.1
VERSION    2024-11-13  Trix Cyrus  [4ddf03] v5.3.1
setup.py   2024-11-13  Trix Cyrus  [4ddf03] v5.3.1
waymap.py  2024-11-13  Trix Cyrus  [4ddf03] v5.3.1

Read Me

Waymap - Web Vulnerability Scanner.

Current Version: 5.2.1
Author: Trix Cyrus
Copyright: © 2024 Trixsec Org
Maintained: Yes

What is Waymap?

Waymap is a fast, optimized, and automated web vulnerability scanner designed for penetration testers. It identifies vulnerabilities by testing targets against a variety of payloads.

Demo Video

Check out this video to see Waymap in action:

Waymap Demo

Vulnerability Examples

  • SQL Injection

  • Command Injection

  • Server Side Template Injection

Can't add more screenshots; it would increase the size of README.md.

Features Overview


Latest Update

v5.2.1

  • New SQL injection scanning module
  • High accuracy and fewer false positives
  • Access it using: --scan sqli

v5.3.1

  • Added boolean-based SQLi testing (own logic)
  • High accuracy, but can sometimes give false positives
  • Access it using: --scan sqli

Waymap Features

  1. Vulnerability Scanning Modules:
     • SQL Injection (SQLi)
     • Command Injection
     • Server-Side Template Injection (SSTI) with threading support
     • Cross-Site Scripting (XSS) with filter bypass payload testing and threading support
     • Local File Inclusion (LFI) with threading support
     • Open Redirect with custom thread count
     • Carriage Return and Line Feed (CRLF) with custom threading
     • Cross-Origin Resource Sharing (CORS) with threading support
     • Critical and High-Risk Scan Profiles using CVE exploits (32 CVEs: WordPress - 19, Drupal - 4, Joomla - 7, Generic/Others - 2)

  2. Web Crawling:
     • Initial crawling functionality
     • Enhanced crawler to operate within target domain boundaries and handle URL redirection
     • Advanced crawler capable of any-depth crawling
     • Improved v3 crawler (competitive with SQLmap crawler)

  3. Concurrency & Threading:
     • Concurrency to utilize multiple CPU threads for faster scans
     • Custom thread count for Open Redirect, CRLF, and CORS scans
     • New argument --threads/-T for global threading count (no prompt for threads)

  4. Multi-Target Scanning:
     • Support for scanning multiple URLs with --multi-target {targetfilename}.txt
     • Ability to scan URLs directly without crawling using --url/-u and --multi-url/-mu arguments

  5. Automation and Convenience:
     • Auto-update functionality (version-dependent)
     • New argument --check-updates to check for and perform updates
     • New argument --random-agent to randomize user-agents
     • Header usage to make requests appear more legitimate and reduce detection/blocking
     • Argument --no-prompt/-np to disable prompts (default input = 'n')

  6. Scan Profiles & Severity-Based Scanning:
     • New critical and high-risk scan profiles (--scan critical-risk and --scan high-risk) using severity-based CVE exploits
     • Argument --profile critical-risk/high-risk with --profileurl for streamlined scanning based on CVE severity

  7. Logging and Stability:
     • Logging functionality for scan sessions
     • Various bug fixes and optimizations for stability and processing speed

Installation and Usage

Clone the repository:

git clone https://github.com/TrixSec/waymap.git

Install the required dependencies:

pip install .

Run Waymap:

python waymap.py --crawl 1 --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --target/--multi-target https://example.com/{filename}.txt
python waymap.py --scan sql/cmdi/ssti/xss/lfi/open-redirect/crlf/cors/all --url/--multi-url https://example.com/index.php?id=1/{filename}.txt

Check Help

python waymap.py -h

Credits

  • Thanks to SQLMap for the payloads XML file

If there's any issue in Waymap, submit it here: https://github.com/TrixSec/waymap/issues

Also, star the repo and fork it.

Follow Us on Telegram

Stay updated with the latest tools and hacking resources. Join our Telegram Channel by clicking the logo below:

Telegram

Happy Hacking!
