Wednesday, January 30, 2013

Wapiti - Server vulnerability scans

Wapiti is a tool written in Python that analyzes websites.
You can download Wapiti from here
It works with Python > 2.4 and Python < 3.0
Wapiti can detect the following vulnerabilities:
-File Handling Errors (Local and remote include/require, fopen, readfile...)
-Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
-XSS (Cross Site Scripting) Injection
-LDAP Injection
-Command Execution detection (eval(), system(), passthru()...)
-CRLF Injection (HTTP Response Splitting, session fixation...)
To run Wapiti, type: ./wapiti.py url
The most important options are:
-s : To specify a URL to start with
-x : To exclude a URL from the scan
-p : To specify a proxy
-t : To set the timeout
-v : Set the verbosity level 0: quiet (default), 1: print each url, 2: print every attack
-o : Set the name of the report file

Examples:
./wapiti.py http://site.com -o /home/HackForLulz/result
Target = site.com
Output = /home/HackForLulz/result

./wapiti.py http://site.com -p 127.0.0.1:9050 -o /home/HackForLulz/result
Target = site.com
Output = /home/HackForLulz/result
Proxy = localhost:9050 (SOCKS 5) <- routed through Tor

./wapiti.py http://site.com -x http://site.com/admin -n 100
Target = site.com
Exclude = http://site.com/admin <- Exclude directory /admin
Max url = 100
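
An added example (not part of the original post and not Wapiti's own code): a small Python 3 helper that builds the ./wapiti.py command line from the -x, -t, -v and -o options listed above, but only after checking the target against a list of hosts you are authorized to scan. The host name staging.example.test, the AUTHORIZED_HOSTS set and the function names are assumptions made for illustration.

```python
# Added example: builds a scoped ./wapiti.py command line (it does not run it).
# AUTHORIZED_HOSTS and build_wapiti_argv are hypothetical names, not Wapiti's.
from urllib.parse import urlsplit

# Constructed sample scope: hosts you have written permission to scan.
AUTHORIZED_HOSTS = {"staging.example.test"}


def _host(url):
    """Return the lower-cased host of an http(s) URL, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) URL: %r" % url)
    return parts.hostname.lower()


def build_wapiti_argv(target, report, exclude=(), timeout=None, verbosity=0,
                      authorized=AUTHORIZED_HOSTS):
    """Build argv for ./wapiti.py using only -x, -t, -v and -o."""
    host = _host(target)
    if host not in authorized:
        raise ValueError("target host %s is not in the authorized scope" % host)
    if verbosity not in (0, 1, 2):  # the three levels listed for -v
        raise ValueError("verbosity must be 0, 1 or 2")
    argv = ["./wapiti.py", target]
    for url in exclude:
        # An exclusion on another host would silently exclude nothing.
        if _host(url) != host:
            raise ValueError("exclusion %s is outside the target host" % url)
        argv += ["-x", url]
    if timeout is not None:
        argv += ["-t", str(int(timeout))]
    argv += ["-v", str(verbosity), "-o", report]
    return argv


if __name__ == "__main__":
    # Print the command for review before running it by hand.
    print(" ".join(build_wapiti_argv(
        "http://staging.example.test/", "/tmp/wapiti-report",
        exclude=["http://staging.example.test/admin"], timeout=10, verbosity=1)))
```

The host check uses the parsed hostname, so a URL such as http://staging.example.test@other.example/ is rejected rather than matched on its prefix.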

If you have a problem or need an explanation, just write a comment under this post!
