WAPITI - WEB APPLICATION VULNERABILITY SCANNER !
ABOUT THE TOOL
Wapiti scans a web application for vulnerabilities. It performs a black-box scan, meaning it does not study the source code of the web app. It scans the web pages and looks for scripts and forms where it can inject data.
Wapiti then injects payloads to see if the site is vulnerable.
VULNERABILITIES SCANNED BY WAPITI
1. File handling errors (local / remote)
2. Database injections (PHP / JSP / ASP / SQL injections)
3. XSS (cross-site scripting injection) and LDAP injections
4. Command execution (system(), eval(), etc.)
5. CRLF injections
HOW TO USE?
It comes preinstalled on Kali!
Or you can install it by typing
sudo apt-get install wapiti
then
wapiti -u https://targetsite.com
where -u specifies the target URL.
THE SCAN WILL TAKE TIME!
The scan results will be saved in a dynamic "beautiful" HTML file.
You can check the scan results here
A mastepanel.in....html file is your scan report
type
firefox your_scan_result.html
to directly see it !
I HAVE USED MY SITE FOR THIS PURPOSE. DON'T TRY TO SCAN ANY SITE, YOU MAY GET IN TROUBLE.
BE SAFE.