WAScan Save Abandoned

WAScan - Web Application Scanner

Project README

WAScan - Web Application Scanner

Note: building of a new version is underway...

WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and can run on any platform which has a Python environment.

screen

Features

Fingerprint

  • Content Management System (CMS) -> 6
  • Web Frameworks -> 22
  • Cookies/Headers Security
  • Languages -> 9
  • Operating Systems (OS) -> 7
  • Server -> ALL
  • Web App Firewall (WAF) -> 50+

Attacks

  • Bash Commands Injection
  • Blind SQL Injection
  • Buffer Overflow
  • Carriage Return Line Feed
  • SQL Injection in Headers
  • XSS in Headers
  • HTML Injection
  • LDAP Injection
  • Local File Inclusion
  • OS Commanding
  • PHP Code Injection
  • SQL Injection
  • Server Side Injection
  • XPath Injection
  • Cross Site Scripting
  • XML External Entity

Audit

  • Apache Status Page
  • Open Redirect
  • PHPInfo
  • Robots.txt
  • XST

Bruteforce

  • Admin Panel
  • Common Backdoor
  • Common Backup Dir
  • Common Backup File
  • Common Dir
  • Common File
  • Hidden Parameters

Disclosure

  • Credit Cards
  • Emails
  • Private IP
  • Errors -> (fatal errors,...)
  • SSN

Installation

$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan 
$ pip install BeautifulSoup
$ python wascan.py

Usage

Fingerprint:

$ python wascan.py --url http://xxxxx.com/ --scan 0

screen_2

Attacks:

$ python wascan.py --url http://xxxxx.com/index.php?id=1 --scan 1

screen_3

Audit:

$ python wascan.py --url http://xxxxx.com/ --scan 2

screen_4

Bruteforce:

$ python wascan.py --url http://xxxxx.com/ --scan 3

screen_5

Disclosure:

$ python wascan.py --url http://xxxxx.com/ --scan 4

screen_5

Full Scan:

$ python wascan.py --url http://xxxxx.com --scan 5

screen_5

Bruteforce Hidden Parameters:

$ python wascan.py --url http://xxxxx.com/test.php --brute

screen_5

Advanced Usage

$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --data "id=1" --method POST
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx 
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321 --ragent -v
Open Source Agenda is not affiliated with "WAScan" Project. README Source: m4ll0k/WAScan
Stars
1,883
Open Issues
44
Last Commit
3 years ago
License
GPL-3.0
Tags
Injection Scanner Sql Web Webapp Xss

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?