Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections... It use the Python programming language.
- Fast and easy to use
- Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
- Can suspend and resume a scan or an attack
- Can give you colors in the terminal to highlight vulnerabilities
- Different levels of verbosity
- Adding a payload can be as easy as adding a line to a text file
- Support HTTP and HTTPS proxies
- Authentication via several methods : Basic, Digest, Kerberos or NTLM
- Ability to restrain the scope of the scan (domain, folder, webpage)
- Safeguards against scan endless-loops (max number of values for a parameter)
- Can exclude some URLs of the scan and attacks (eg: logout URL)
- Extract URLs from Flash SWF files
- ... and more features described on the website !
i have problem when want to using wapiti?? Wapiti-2.2.1 (wapiti.sourceforge.net) Traceback (most recent call last): File "wapiti.py", line 447, in <module> wap.browse(crawlerFile) File "wapiti.py", line 241, in browse self.urls, self.forms = self.HTTP.browse(crawlerFile) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/HTTP.py", line 74, in browse self.myls.go(crawlerFile) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/lswww.py", line 499, in go headers = self.browse(lien) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/lswww.py", line 205, in browse info, data = self.h.request(url, headers = self.cookiejar.headers_url(url)) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 1084, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 888, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/home/dzhenway/Downloads/wapiti-2.2.1/src/net/httplib2/__init__.py", line 856, in _conn_request raise ServerNotFoundError("Unable to find the server at %s" % conn.host) net.httplib2.ServerNotFoundError: Unable to find the server at -u anyone can help me please???
Nice and Easy to use.
I would like to request SSL support in a future release.