Wapiti - Taking Offensive Web Security to the Next Level, a Must-Have Web Pentester's Tool


Wapiti is a free and open-source web application vulnerability scanner that enables users to assess the security of their applications, including WordPress sites.

It performs security audits by analyzing web applications for vulnerabilities, such as SQL injection, Cross-Site Scripting (XSS), and file disclosure issues.

Wapiti works as a "black-box" vulnerability scanner: it does not study the source code of the web application but behaves like a fuzzer, crawling the pages of the deployed application, extracting links and forms, and attacking the scripts it finds by sending payloads and looking for error messages, special strings, or abnormal behaviour in the responses.

Disclaimer

Wapiti is cybersecurity software. It performs security assessments on a provided target, which can lead to malfunctions and crashes on the target, as well as potential data loss.

Usage of Wapiti for attacking a target without prior consent of its owner is illegal. It is the end user's responsibility to obey all applicable local laws.
Developers and people involved in the Wapiti project assume no liability and are not responsible for any misuse or damage caused by this program.

Wapiti Scanner Features

Vulnerability Detection Modules:

  • SQL Injections: Detects error-based, boolean-based, and time-based SQL injection vulnerabilities.
  • XPath Injections: Identifies XPath injection vulnerabilities.
  • Cross-Site Scripting (XSS): Checks for reflected and persistent XSS vulnerabilities.
  • File Disclosure Detection: Identifies local and remote file inclusion, require, fopen, and readfile vulnerabilities.
  • Command Execution Detection: Detects issues with functions like eval(), system(), and passthru().
  • XXE Injection: Checks for XML eXternal Entity injection vulnerabilities.
  • CRLF Injection: Identifies CRLF injection vulnerabilities.
  • Dangerous File Search: Scans for potentially dangerous files on the server using the Nikto database.
  • Weak .htaccess Bypass: Detects weak configurations in .htaccess files.
  • Backup Script Search: Looks for backup copies of scripts on the server.
  • Shellshock Detection: Identifies vulnerabilities related to the Shellshock bug.
  • Directory and File Enumeration: Conducts folder and file enumeration similar to DirBuster.
  • Server Side Request Forgery (SSRF): Checks for SSRF vulnerabilities via an external Wapiti website.
  • Open Redirects: Detects open redirect vulnerabilities.
  • Uncommon HTTP Methods Detection: Identifies the presence of uncommon HTTP methods like PUT.
  • Basic CSP Evaluator: Evaluates Content Security Policy (CSP) implementation.
  • Brute Force Login: Performs brute-force attacks on login forms using a dictionary list.
  • HTTP Security Headers Check: Analyzes security headers in HTTP responses.
  • Cookie Security Flags Check: Checks for secure and HttpOnly flags in cookies.
  • Cross-Site Request Forgery (CSRF): Basic detection of CSRF vulnerabilities.
  • Web Application Fingerprinting: Uses the Wappalyzer database for application fingerprinting.
  • CMS Enumeration: Enumerates popular CMS platforms (e.g., WordPress, Drupal, Joomla).
  • Subdomain Takeover Detection: Identifies potential vulnerabilities for subdomain takeovers.
  • Log4Shell Vulnerability Detection: Checks for Log4Shell vulnerabilities (CVE-2021-44228).
  • TLS Configuration Check: Assesses TLS misconfiguration and vulnerabilities using SSLyze.
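The HTTP Security Headers Check and Cookie Security Flags Check listed above are passive checks on a response. The following Python is an added illustration of that kind of check, not Wapiti's own code; the response headers it audits are a constructed sample, and the set of expected headers is an assumption for the example.

```python
"""Passive audit of HTTP response headers and Set-Cookie flags.

Added example modelled on the header and cookie-flag checks a scanner like
Wapiti reports; it is not Wapiti's code. The response below is constructed.
"""

# Headers whose absence is reported (assumed list for this example).
EXPECTED_HEADERS = (
    "Strict-Transport-Security",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Content-Security-Policy",
)

# Constructed sample: a list of (name, value) pairs so that repeated
# Set-Cookie headers survive, unlike a plain dict.
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def missing_security_headers(header_names):
    """Return the expected headers that are absent (case-insensitive match)."""
    present = {name.lower() for name in header_names}
    return [h for h in EXPECTED_HEADERS if h.lower() not in present]


def cookie_flag_findings(set_cookie_values):
    """Return (cookie_name, missing_flag) pairs for every Set-Cookie value."""
    findings = []
    for raw in set_cookie_values:
        name_value, _, attrs = raw.partition(";")
        cookie_name = name_value.split("=", 1)[0].strip()
        # Attribute names only; values such as Path=/ or SameSite=Lax are ignored.
        flags = {a.strip().split("=", 1)[0].lower() for a in attrs.split(";")}
        if "secure" not in flags:
            findings.append((cookie_name, "Secure"))
        if "httponly" not in flags:
            findings.append((cookie_name, "HttpOnly"))
    return findings


def audit(headers):
    """Run both checks over (name, value) pairs and return the findings."""
    names = [name for name, _ in headers]
    cookies = [value for name, value in headers if name.lower() == "set-cookie"]
    return {
        "missing_headers": missing_security_headers(names),
        "cookie_flags": cookie_flag_findings(cookies),
    }
```

Running `audit(SAMPLE_RESPONSE_HEADERS)` reports three missing headers and one cookie (PHPSESSID) lacking the Secure flag.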

General Features:

  • Vulnerability Reports: Generates reports in HTML, XML, JSON, TXT, and CSV formats.
  • Session Management: Supports suspending and resuming scans or attacks using SQLite3 databases.
  • Terminal Color Coding: Highlights vulnerabilities in the terminal using color coding.
  • Adjustable Verbosity Levels: Offers different levels of verbosity for scan outputs.
  • Easy Attack Module Management: Fast activation and deactivation of attack modules.
  • Custom Payloads: Allows for easy addition of custom payloads by editing text files.
  • Configurable Concurrent Tasks: Sets the number of concurrent tasks for HTTP requests.

Browsing Features:

  • Proxy Support: Supports HTTP, HTTPS, and SOCKS5 proxies.
  • Authentication Methods: Handles authentication via Basic, Digest, NTLM, or GET/POST on login forms.
  • Scan Scope Restriction: Restrains scan scope to specific domains, folders, pages, or URLs.
  • Parameter Removal: Automatically removes one or more parameters in URLs during scanning.
  • Endless Loop Safeguards: Multiple safeguards against scan endless loops, including parameter limits.
  • Customizable Initial URLs: Sets initial URLs for exploration, even if not in scope.
  • URL Exclusion: Excludes specific URLs from scans and attacks (e.g., logout URLs).
  • Cookie Importing: Imports cookies from Chrome or Firefox browsers or using the wapiti-getcookie tool.
  • SSL Certificate Verification: Option to enable or disable SSL certificate verification.
  • Flash SWF URL Extraction: Extracts URLs from Flash SWF files.
  • HTML5 Awareness: Understands and processes recent HTML5 tags.
  • Crawler Behavior Control: Several options to control crawler behavior and limits.
  • Parameter Skipping: Skips certain parameter names during attacks.
  • Scan Duration Limits: Sets maximum time limits for the scan process.
  • Custom HTTP Headers: Allows the addition of custom HTTP headers or User-Agent settings.
  • Man-In-The-Middle Proxy Support: Enables exploration of the target using the browser via a proxy.
  • Automated Browsing: Automated browsing using Firefox in headless mode.
  • Automated API Testing: Supports automated API testing through Swagger/OpenAPI specifications.

License

Wapiti is released under the GNU General Public License version 2 (the GPL).

Resources & Downloads

GitHub - wapiti-scanner/wapiti: Web vulnerability scanner written in Python3