Wapiti is a vulnerability scanner for web applications.

It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects...

It use the Python 3 programming language.

Features

  • Fast and easy to use
  • Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
  • Can suspend and resume a scan or an attack
  • Can give you colors in the terminal to highlight vulnerabilities
  • Different levels of verbosity
  • Adding a payload can be as easy as adding a line to a text file
  • Support HTTP and HTTPS proxies
  • Authentication via several methods : Basic, Digest, Kerberos or NTLM
  • Ability to restrain the scope of the scan (domain, folder, webpage)
  • Safeguards against scan endless-loops (max number of values for a parameter)
  • Can exclude some URLs of the scan and attacks (eg: logout URL)
  • Extract URLs from Flash SWF files
  • Try to extract URLs from javascript (very basic JS interpreter)
  • ... and more features described on the website !

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow Wapiti

Wapiti Web Site

Other Useful Business Software
Migrate to innovate with Red Hat Enterprise Linux on Azure Icon
Migrate to innovate with Red Hat Enterprise Linux on Azure

Streamline your IT modernization journey with a holistic environment running Red Hat Enterprise Linux on Azure.

With Red Hat Enterprise Linux on Azure, businesses can confidently modernize their IT environment, knowing they don’t have to compromise on security, scalability, reliability, and ease of management. Securely accelerate innovation and unlock a competitive edge with enterprise-grade modern cloud infrastructure.
Rate This Project
Login To Rate This Project

User Ratings

★★★★★
★★★★
★★★
★★
7
0
0
0
0
ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5
features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5
design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5
support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

User Reviews

  • Very well done. We have been looking at tools to help secure web applications. They were either obnoxiously overpriced or just did not have the flexibility we were looking for. This has, so far, been quite easy to use and take the information to properly secure the applications.
    1 user found this review helpful.
  • Nice project ;-)
  • i have problem when want to using wapiti?? Wapiti-2.2.1 (wapiti.sourceforge.net) Traceback (most recent call last): File "wapiti.py", line 447, in <module> wap.browse(crawlerFile) File "wapiti.py", line 241, in browse self.urls, self.forms = self.HTTP.browse(crawlerFile) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/HTTP.py", line 74, in browse self.myls.go(crawlerFile) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/lswww.py", line 499, in go headers = self.browse(lien) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/lswww.py", line 205, in browse info, data = self.h.request(url, headers = self.cookiejar.headers_url(url)) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 1084, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 888, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 856, in _conn_request raise ServerNotFoundError("Unable to find the server at %s" % conn.host) net.httplib2.ServerNotFoundError: Unable to find the server at -u anyone can help me please???
  • Nice and Easy to use.
    2 users found this review helpful.
  • good job
    1 user found this review helpful.
Read more reviews >

Additional Project Details

Languages

French, English, Malay, German, Spanish

Intended Audience

Security Professionals, Security

User Interface

Command-line

Programming Language

Python

Related Categories

Python Security Software, Python Software Testing Tool, Python Vulnerability Scanners

Registered

2006-05-26