Wapiti

Wapiti is a vulnerability scanner for web applications.

It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects...

It use the Python 3 programming language.

Features

Fast and easy to use
Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
Can suspend and resume a scan or an attack
Can give you colors in the terminal to highlight vulnerabilities
Different levels of verbosity
Adding a payload can be as easy as adding a line to a text file
Support HTTP and HTTPS proxies
Authentication via several methods : Basic, Digest, Kerberos or NTLM
Ability to restrain the scope of the scan (domain, folder, webpage)
Safeguards against scan endless-loops (max number of values for a parameter)
Can exclude some URLs of the scan and attacks (eg: logout URL)
Extract URLs from Flash SWF files
Try to extract URLs from javascript (very basic JS interpreter)
... and more features described on the website !

Project Samples

Extract from the output of a scan with the -u option

Extract : top of a generated vulnerability report in HTML format

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow Wapiti

Wapiti Web Site

User Ratings

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

User Reviews

Be the first to post a review of Wapiti!

Additional Project Details

Languages

French, English, Malay, German, Spanish

Intended Audience

Security Professionals, Security

User Interface

Command-line

Programming Language

Python

Related Categories

Python Security Software, Python Software Testing Tool, Python Vulnerability Scanners

Registered

2006-05-26

Similar Business Software

PHP Secure

PHP Secure is a FREE code scanner that analyzes your PHP code for critical security vulnerabilities. Free online scanner: - Quickly and qualitatively finds web app vulnerabilities - Gives explicit reports and recommendations to fix vulnerabilities - Easy to use and requires no...

See Software
Trusted Knight Protector Web

Protector Air is focused on protecting individual sessions and the transactions within those sessions. Protector Web further protects the web server with enterprise-grade web application security and DDoS protection. Protector Web eliminates website and application vulnerabilities such as...

See Software
WebReaver

WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users. WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds...

See Software