Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.
New features
[1] Active and passive scanning support web component recognition, with built-in 3700+ web component recognition plugins. [2] Fixed the issue of abnormal exits in the reverse connection platform.
New features
[1] Active and passive scanning supports hostname and path as filter conditions
New features
[1]New xstream series vulnerability detection plugin [2]Reconstruct the reverse module
New features
[1] Support custom FUZZ plugin to fuzz test parameters in body and query [2] Rename the custom_tmpl plugin to waftest [3] Add version number to config.yml and automatically update to overwrite the old configuration [4] Support http, socks5 proxy scanning
New features
[1] Optimized the page similarity analysis algorithm and solved the Boolean SQL injection error reporting problem [2] Fixed the problem of missing POST data caused by dynamic crawler not using deep copy
New features
[1] Support baseline/sensitive/application_ error [2] Support for Nuclei Yaml POC plugin [3] Support Shiro framework recognition and default key cracking plugins
问题修复 【1】修复主被动爬虫无法访问不安全TLS连接的问题 【2】修复 DVWA命令执行漏洞漏报的问题 【3】提高被动扫描响应速度 新增功能 【1】支持PHP、JSP、ASP、ASPX任意文件上传检测 【2】被动扫描支持智能请求过滤
问题修复 【1】修复s2-046漏洞漏报 新增功能 【1】支持thinkphp系列漏洞批量检测
新增功能 【1】支持XXE、SSRF、Fastjson漏洞检测,但需开启内置的反连模块 【2】支持struts2系列漏洞批量检测 【3】基于真假的SQL注入,保存True、False的快照到结果中
问题修复 【1】修复YML POC不支持多层目录扫描的问题 【2】修复YML POC由于缺少Header导致执行失败的问题 新增功能 【1】支持Goby JSON POC插件,多层URL目录POC扫描
同时扫描XRAY、Goby POC插件 ./wscan --log-level=debug ws --poc=/your_wscan_poc/wscan-poc/pocs/* --url http://testphp.vulnweb.com/ --html-output=wscan_scan_result.html