Wapiti is a vulnerability scanner for web applications.
It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects...
It use the Python 3 programming language.
Features
- Fast and easy to use
- Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
- Can suspend and resume a scan or an attack
- Can give you colors in the terminal to highlight vulnerabilities
- Different levels of verbosity
- Adding a payload can be as easy as adding a line to a text file
- Support HTTP and HTTPS proxies
- Authentication via several methods : Basic, Digest, Kerberos or NTLM
- Ability to restrain the scope of the scan (domain, folder, webpage)
- Safeguards against scan endless-loops (max number of values for a parameter)
- Can exclude some URLs of the scan and attacks (eg: logout URL)
- Extract URLs from Flash SWF files
- Try to extract URLs from javascript (very basic JS interpreter)
- ... and more features described on the website !
License
GNU General Public License version 2.0 (GPLv2)
You Might Also Like
Red Hat Enterprise Linux (RHEL) on Microsoft Azure provides a secure, reliable, and flexible foundation for your cloud infrastructure. Red Hat Enterprise Linux on Microsoft Azure is ideal for enterprises seeking to enhance their cloud environment with seamless integration, consistent performance, and comprehensive support.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of Wapiti!