Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [Linux]
- WAScan - Web Application Scanner
- WAScan - Web Application Scanner
- WAScan (Web Application Scanner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and can run on any platform which has a Python environment.
- Install and use
- git clone https://github.com/m4ll0k/WAScan (Install WAScan)
- cd WAScan
- pip install -r requirements.txt (Install the required modules)
- python wascan.py (Run WAScan)
- Features
- Fingerprint
- * Detect Server
- * Detect Web Frameworks (22)
- * Check Cookie Security
- * Check Headers Security
- * Detect Language (9)
- * Detect Operating System (OS - 8)
- * Detect Content Management System (CMS - 6)
- * Detect Web Application Firewall (WAF - 54)
- Attacks
- * Bash Command Injection (ShellShock)
- * Blind SQL Injection
- * SQL Injection via Cookie,Referer and User-Agent Header Value
- * Cross-Site Scripting (XSS) via Cookie,Referer and User-Agent Header Value
- * Buffer Overflow
- * HTML Code Injection
- * PHP Code Injection
- * LDAP Injection
- * Local File Inclusion (lfi)
- * OS Commanding
- * SQL Injection
- * XPath Injection
- * Cross Site Scripting (XSS)
- Audit
- * Apache Status
- * WebDav
- * PHPInfo
- * Robots Paths
- * Cross-Site Tracing (XST)
- Bruteforce
- * Admin Panel
- * Backdoor (shell)
- * Backup Dirs
- * Backup Files
- * Common Dirs
- * Common Files
- Disclosure
- * Credit Cards
- * Emails
- * Private IP
- * SSN
- * Detect Warnings,Fatal Error,...
- Example: Full scan of LuongTheVinh.com.vn
- python wascan.py -u http://luongthevinh.com.vn -s 5
- Download WAScan: https://github.com/m4ll0k/WAScan
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement