Vulnerability Scanners

WAScan – Web Application Scanner

WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” methods.
WAScan is built on python2.7 and can run on any platform which has a Python environment.

Features
  • Fingerprint
    • Detect Server
    • Detect Web Frameworks (22)
    • Check Cookie Security
    • Check Headers Security
    • Detect Language (9)
    • Detect Operating System (OS – 8)
    • Detect Content Management System (CMS – 6)
    • Detect Web Application Firewall (WAF – 54)
  • Attacks
    • Bash Command Injection (ShellShock)
    • Blind SQL Injection
    • SQL Injection via Cookie,Referer and User-Agent Header Value
    • Cross-Site Scripting (XSS) via Cookie,Referer and User-Agent Header Value
    • Buffer Overflow
    • HTML Code Injection
    • PHP Code Injection
    • LDAP Injection
    • Local File Inclusion (lfi)
    • OS Commanding
    • SQL Injection
    • XPath Injection
    • Cross Site Scripting (XSS)
  • Audit
    • Apache Status
    • WebDav
    • PHPInfo
    • Robots Paths
    • Cross-Site Tracing (XST)
  • Bruteforce
    • Admin Panel
    • Backdoor (shell)
    • Backup Dirs
    • Backup Files
    • Common Dirs
    • Common Files
  • Disclosure
    • Credit Cards
    • Emails
    • Private IP
    • SSN
    • Detect Warnings,Fatal Error,…

Installation

$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan
$ pip install -r requirements.txt
$ python wascan.py

 

Download WAScan

About the author

Pentestworld

Add Comment

Click here to post a comment