m4ll0k / Wascan
Licence: gpl-3.0
WAScan - Web Application Scanner
Stars: ✭ 1,895
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Wascan
Sqlinjectionwiki
A wiki focusing on aggregating and documenting various SQL injection methods
Stars: ✭ 623 (-67.12%)
Mutual labels: sql, injection
Imagejs
Small tool to package javascript into a valid image file.
Stars: ✭ 828 (-56.31%)
Mutual labels: xss, injection
Azscanner
自动漏洞扫描器,自动子域名爆破,自动爬取注入,调用sqlmapapi检测注入,端口扫描,目录爆破,子网段服务探测及其端口扫描,常用框架漏洞检测。 Automatic scanner, automatic sub domain blasting, automatic crawl injection, injection, call the sqlmapapi port scan detection, directory service detection and segment blasting, port scanning, vulnerability detection framework commonly used.
Stars: ✭ 468 (-75.3%)
Mutual labels: scanner, injection
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-85.91%)
Mutual labels: xss, injection
Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (-53.19%)
Mutual labels: scanner, xss
Cancer Donation Portal Python Flask App
Flask App for Cancer Donation Portal using basic Python, SQLite3, HTML, CSS and Javascript
Stars: ✭ 32 (-98.31%)
Mutual labels: sql, webapp
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-48.6%)
Mutual labels: scanner, xss
Javacodeaudit
Getting started with java code auditing 代码审计入门的小项目
Stars: ✭ 289 (-84.75%)
Mutual labels: sql, xss
Xspear
Powerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (-69.23%)
Mutual labels: scanner, xss
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+55.25%)
Mutual labels: scanner, xss
Dalfox
🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang
Stars: ✭ 791 (-58.26%)
Mutual labels: scanner, xss
moneta
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
Stars: ✭ 384 (-79.74%)
Mutual labels: scanner, injection
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (-55.3%)
Mutual labels: scanner, xss
WAScan - Web Application Scanner
Note: building of a new version is underway...
WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and can run on any platform which has a Python environment.
Features
Fingerprint
- Content Management System (CMS) -> 6
- Web Frameworks -> 22
- Cookies/Headers Security
- Languages -> 9
- Operating Systems (OS) -> 7
- Server -> ALL
- Web App Firewall (WAF) -> 50+
Attacks
- Bash Commands Injection
- Blind SQL Injection
- Buffer Overflow
- Carriage Return Line Feed
- SQL Injection in Headers
- XSS in Headers
- HTML Injection
- LDAP Injection
- Local File Inclusion
- OS Commanding
- PHP Code Injection
- SQL Injection
- Server Side Injection
- XPath Injection
- Cross Site Scripting
- XML External Entity
Audit
- Apache Status Page
- Open Redirect
- PHPInfo
- Robots.txt
- XST
Bruteforce
- Admin Panel
- Common Backdoor
- Common Backup Dir
- Common Backup File
- Common Dir
- Common File
- Hidden Parameters
Disclosure
- Credit Cards
- Emails
- Private IP
- Errors -> (fatal errors,...)
- SSN
Installation
$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan
$ pip install BeautifulSoup
$ python wascan.py
Usage
Fingerprint:
$ python wascan.py --url http://xxxxx.com/ --scan 0
Attacks:
$ python wascan.py --url http://xxxxx.com/index.php?id=1 --scan 1
Audit:
$ python wascan.py --url http://xxxxx.com/ --scan 2
Bruteforce:
$ python wascan.py --url http://xxxxx.com/ --scan 3
Disclosure:
$ python wascan.py --url http://xxxxx.com/ --scan 4
Full Scan:
$ python wascan.py --url http://xxxxx.com --scan 5
Bruteforce Hidden Parameters:
$ python wascan.py --url http://xxxxx.com/test.php --brute
Advanced Usage
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --data "id=1" --method POST
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321 --ragent -v
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].