Vulnerability Scanners

WAScan – Web Application Scanner

By root

Posted on March 10, 2018

WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” methods.

WAScan is built on python2.7 and can run on any platform which has a Python environment.

Features

Fingerprint
- Detect Server
- Detect Web Frameworks (22)
- Check Cookie Security
- Check Headers Security
- Detect Language (9)
- Detect Operating System (OS – 8)
- Detect Content Management System (CMS – 6)
- Detect Web Application Firewall (WAF – 54)
Attacks
- Bash Command Injection (ShellShock)
- Blind SQL Injection
- SQL Injection via Cookie,Referer and User-Agent Header Value
- Cross-Site Scripting (XSS) via Cookie,Referer and User-Agent Header Value
- Buffer Overflow
- HTML Code Injection
- PHP Code Injection
- LDAP Injection
- Local File Inclusion (lfi)
- OS Commanding
- SQL Injection
- XPath Injection
- Cross Site Scripting (XSS)
Audit
- Apache Status
- WebDav
- PHPInfo
- Robots Paths
- Cross-Site Tracing (XST)
Bruteforce
- Admin Panel
- Backdoor (shell)
- Backup Dirs
- Backup Files
- Common Dirs
- Common Files
Disclosure
- Credit Cards
- Emails
- Private IP
- SSN
- Detect Warnings,Fatal Error,…

Installation

$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan 
$ pip install -r requirements.txt
$ python wascan.py

Download WAScan

Related Items:how to use wascan, WAScan – Web Application Scanner, wascan commands, wascan tutorial

MrHacker

WAScan – Web Application Scanner

Download WAScan

Latest News

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

New Android Trojan ‘SoumniBot’ Evades Detection with Clever Tricks

Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Links

Pin It on Pinterest