API tools faq
paste
Advertisement
TVT618

[Linux] WAScan - Web Application Scanner

TVT618
Feb 25th, 2018
224
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.03 KB | None | 0 0
raw download clone embed print report
  1. [Linux]
  2. WAScan - Web Application Scanner
  3.  
  4. WAScan - Web Application Scanner
  5. WAScan (Web Application Scanner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and can run on any platform which has a Python environment.
  6.  
  7. Install and use
  8. git clone https://github.com/m4ll0k/WAScan (Install WAScan)
  9. cd WAScan
  10. pip install -r requirements.txt (Install the required modules)
  11. python wascan.py (Run WAScan)
  12.  
  13. Features
  14. Fingerprint
  15. * Detect Server
  16. * Detect Web Frameworks (22)
  17. * Check Cookie Security
  18. * Check Headers Security
  19. * Detect Language (9)
  20. * Detect Operating System (OS - 8)
  21. * Detect Content Management System (CMS - 6)
  22. * Detect Web Application Firewall (WAF - 54)
  23.  
  24. Attacks
  25. * Bash Command Injection (ShellShock)
  26. * Blind SQL Injection
  27. * SQL Injection via Cookie,Referer and User-Agent Header Value
  28. * Cross-Site Scripting (XSS) via Cookie,Referer and User-Agent Header Value
  29. * Buffer Overflow
  30. * HTML Code Injection
  31. * PHP Code Injection
  32. * LDAP Injection
  33. * Local File Inclusion (lfi)
  34. * OS Commanding
  35. * SQL Injection
  36. * XPath Injection
  37. * Cross Site Scripting (XSS)
  38.  
  39. Audit
  40. * Apache Status
  41. * WebDav
  42. * PHPInfo
  43. * Robots Paths
  44. * Cross-Site Tracing (XST)
  45.  
  46. Bruteforce
  47. * Admin Panel
  48. * Backdoor (shell)
  49. * Backup Dirs
  50. * Backup Files
  51. * Common Dirs
  52. * Common Files
  53.  
  54. Disclosure
  55. * Credit Cards
  56. * Emails
  57. * Private IP
  58. * SSN
  59. * Detect Warnings,Fatal Error,...
  60.  
  61. Example: Full scan of LuongTheVinh.com.vn
  62. python wascan.py -u http://luongthevinh.com.vn -s 5
  63.  
  64. Download WAScan: https://github.com/m4ll0k/WAScan
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!