Wapiti – Web-application vulnerability scanner

Wapiti allows you to audit the security of your websites or web applications. It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Wapiti - Web-application vulnerability scanner
Wapiti – Web-application vulnerability scanner

Wapiti can detect the following vulnerabilities :

  • File disclosure (Local and remote include/require, fopen, readfile…)
  • Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
  • XSS (Cross Site Scripting) injection (reflected and permanent)
  • Command Execution detection (eval(), system(), passtru()…)
  • CRLF Injection (HTTP Response Splitting, session fixation…)
  • XXE (XML External Entity) injection
  • SSRF (Server Side Request Forgery)
  • Use of know potentially dangerous files (thanks to the Nikto database)
  • Weak .htaccess configurations that can be bypassed
  • Presence of backup files giving sensitive information (source code disclosure)
  • Shellshock (aka Bash bug)
  • Open Redirects
  • Uncommon HTTP methods that can be allowed (PUT)

The mentioned attacks are tied to the following module names :

  • backup (Search for copies and scripts)
  • blindsql (SQL injection vulnerabilities detected with time-based methodology)
  • buster (DirBuster like module)
  • crlf (CR-LF injection in HTTP headers)
  • delay (Not an attack module, prints the 10 slowest to load webpages of the target)
  • exec (Code execution or command injection)
  • file (Path traversal, file inclusion, etc)
  • htaccess (Misconfigured htaccess restrictions)
  • methods (Look for uncommon availables HTTP methods like PUT)
  • nikto (Look for known vulnerabilities by testing URL existence and checking responses)
  • permanentxss (Rescan the whole target after the xss module execution looking for previously tainted payloads)
  • redirect (Open Redirects)
  • shellshock (Test Shellshock attack)
  • sql (Error-based SQL injection detection)
  • ssrf (Server Side Request Forgery)
  • xss (XSS injection module)
  • xxe (XML External Entity attack)

You can read more and download this tool over here: http://wapiti.sourceforge.net/

Share