Wapiti

Wapiti is a simple command-line tool that automates the auditing of web applications. It is free and open source, and has had some recent fixes and updates (Wapiti homepage). The application can be downloaded at (Wapiti repository).

Wapiti allows you to audit the security of your web applications. It performs a “black box” scan: without studying the source code of the application, it crawls the web pages of the deployed web application, looking for scripts and forms where it can inject data. Wapiti then acts like a fuzzer, injecting payloads to see whether a script is vulnerable.

Wapiti is able to detect the following vulnerabilities:

Database injection (PHP/ASP/JSP SQL injection and XPath injection)
Cross-Site Scripting (XSS), reflected and persistent
File disclosure detection (local and remote include, require, fopen, readfile…)
Command execution detection (eval(), system(), passthru()…)
XML eXternal Entity (XXE) injection
CRLF injection
Search for potentially dangerous files on the server (thanks to the Nikto db)
Bypass of weak htaccess configurations
Search for backup copies of scripts on the server
Shellshock
DirBuster-like enumeration
Server-side request forgery (via an external Wapiti website)

Size 1.54 MB

Install Wapiti:

sudo apt install wapiti