WAES: A Fast Website Enumeration And Scanning Tool For Hackers

About WAES: CPH:SEC WAES at a Glance
   Doing HTB or other CTFs enumeration against targets with HTTP(S) can become trivial. It can get tiresome to always run the same script/tests on every box eg. Nmap, Nikto, Dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enumeration process can be optimized while saving time for hacker. This is what CPH:SEC WAES or Website Auto Enumeration And Scanning is created for. WAES runs 4 steps of scanning against target (see more below) to optimize the time spend scanning. While multi core or multi-threaded scanning could be implemented it will almost surely get boxes to hang and so is undesirable.

• From current version and forward WAES will include an install script (see blow) as project moves from alpha to beta phase. 
• WAES could have been developed in Python but good Bash projects are need to learn Bash. 
• WAES is currently made for CTF boxes but is moving towards online uses (see todo section)

WAES Installation and Running
   Make sure directories are set correctly in supergobuster.sh. Should be automatic with Kali Linux and Parrot Security OS.

• Standard directories for lists: SecLists/Discovery/Web-Content and SecLists/Discovery/Web-Content/CMS 
• Kali Linux and Parrot Security OS wordlists directory list:
  /usr/share/wordlists/dirbuster/

WAES Enumeration Process and Method: 
   The scanning and enumeration process includes four steps

• Step 0 - Passive scan - (disabled in the current version):
     whatweb - aggressive mode
     OSIRA (same author) - looks for subdomains 
• Step 1 - Fast scan
     wafw00 - firewall detection
     nmap with http-enum
• Step 2 - Scan - in-depth
     nmap - with NSE scripts: http-date,http-title,http-server-header,http-headers,http-enum,http-devframework,http-dombased-xss,http-stored-xss,http-xssed,http-cookie-flags,http-errors,http-grep,http-traceroute
     nmap with vulscan (CVSS 5.0+)
     nikto - with evasion A and all CGI dirs
     uniscan - all tests except stress test (qweds) 
• Step 3 - Fuzzing
  
  • supergobuster
    gobuster with multiple lists
    dirb with multiple lists 
  • xss scan (to come)

.. against target while dumping results files in report folder.

To-do list:

• Implement domain as input 
• Add XSS scan 
• Add SSL/TLS scanning 
• Add domain scans 
• Add golismero 
• Add dirble 
• Add progressbar 
• Add CMS detection 
• Add CMS specific scans

Download WAES