
WAPITI - WEB APPLICATION VULNERABILITY SCANNER !



ABOUT THE TOOL


Wapiti scans a web application for vulnerabilities. It performs a black-box scan, which means it does not study the source code of the web app. Instead it crawls the web pages and looks for scripts and forms where it can inject data.

Wapiti then injects payloads to see whether the site is vulnerable.
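The discovery step described above (finding the forms and scripts where data can be injected), as an added example that is not Wapiti's own code and not from the original post. It lists the parameters one page accepts, which is the inventory a site owner would review against a scan report. The class and function names, the sample page and the `app.example.test` host are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

class EntryPointParser(HTMLParser):
    """Collect the places in one page where a client can submit data."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.host = urlsplit(base_url).netloc  # scope: stay on this host
        self.entry_points = []                 # (method, url, [param names])
        self._form = None                      # in-scope form being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = urljoin(self.base_url, a.get("action") or "")
            method = (a.get("method") or "get").upper()
            in_scope = urlsplit(action).netloc == self.host
            self._form = (method, action, []) if in_scope else None
        elif tag in ("input", "textarea", "select"):
            if self._form and a.get("name"):   # unnamed fields are not sent
                self._form[2].append(a["name"])
        elif tag == "a" and a.get("href"):
            parts = urlsplit(urljoin(self.base_url, a["href"]))
            names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
            if names and parts.netloc == self.host:
                url = parts._replace(query="", fragment="").geturl()
                self.entry_points.append(("GET", url, names))

    def handle_endtag(self, tag):
        if tag == "form" and self._form:
            self.entry_points.append(self._form)
            self._form = None

def find_entry_points(html, base_url):
    parser = EntryPointParser(base_url)
    parser.feed(html)
    parser.close()
    return parser.entry_points

SAMPLE_URL = "https://app.example.test/index.php"  # constructed, not a real site
SAMPLE_PAGE = """
<a href="/item.php?id=3&amp;page=2">Item</a>
<a href="https://other.example.test/track?u=1">External (out of scope)</a>
<form action="/search.php" method="post">
  <input type="text" name="q"> <input type="hidden" name="token" value="x">
  <input type="submit" value="Go">
</form>
"""
if __name__ == "__main__":
    print(find_entry_points(SAMPLE_PAGE, SAMPLE_URL))
```

Every parameter name in the output is an input the server must validate, whether or not it is visible in the browser (the hidden `token` field is listed too).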


VULNERABILITIES SCANNED BY WAPITI 


1. File Handling errors (local / remote)

2. Database injections (PHP / JSP / ASP / SQL injections)

3. XSS (Cross site scripting injection) and LDAP injections

4. Command execution (system(), eval(), etc.)

5. CRLF injections 

HOW TO USE?


It is preinstalled in Kali!

Or you can install it by typing:

sudo apt-get install wapiti


 
Then run:

wapiti -u https://targetsite.com

where -u specifies the target URL.

THE SCAN WILL TAKE TIME!


The scan results will be saved in a dynamic "beautiful" HTML file.


You can check the scan results  here


A mastepanel.in....html file is your scan report.

Type

firefox your_scan_result.html

to see it directly!

I HAVE USED MY SITE FOR THIS PURPOSE. DON'T TRY TO SCAN ANY SITE, YOU MAY GET IN TROUBLE.

BE SAFE.

 
