WAScan - An Website Applications Scanner written in Python 2
WAScan - Web Application Scanner
WAScan (Web Application Scanner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on Python 2.7 and can run on any platform which has a Python environment.
Install and use
git clone https://github.com/m4ll0k/WAScan (Install WAScan)
cd WAScan
pip install -r requirements.txt (Install the required modules)
python wascan.py (Run WAScan)
Features
Fingerprint
* Detect Server
* Detect Web Frameworks (22)
* Check Cookie Security
* Check Headers Security
* Detect Language (9)
* Detect Operating System (OS - 8)
* Detect Content Management System (CMS - 6)
* Detect Web Application Firewall (WAF - 54)
Attacks
* Bash Command Injection (ShellShock)
* Blind SQL Injection
* SQL Injection via Cookie,Referer and User-Agent Header Value
* Cross-Site Scripting (XSS) via Cookie,Referer and User-Agent Header Value
* Buffer Overflow
* HTML Code Injection
* PHP Code Injection
* LDAP Injection
* Local File Inclusion (lfi)
* OS Commanding
* SQL Injection
* XPath Injection
* Cross Site Scripting (XSS)
Audit
* Apache Status
* WebDav
* PHPInfo
* Robots Paths
* Cross-Site Tracing (XST)
Bruteforce
* Admin Panel
* Backdoor (shell)
* Backup Dirs
* Backup Files
* Common Dirs
* Common Files
Disclosure
* Credit Cards
* Emails
* Private IP
* SSN
* Detect Warnings,Fatal Error,...
Example: Full scan of LuongTheVinh.com.vn
python wascan.py -u http://luongthevinh.com.vn -s 5
