WAScan - Web Application Scanner
WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc. WAScan is built on python2.7 and can run on any platform which has a Python environment.
Features
Fingerprint
- Content Management System (CMS) -> 6
- Web Frameworks -> 22
- Cookies/Headers Security
- Languages -> 9
- Operating Systems (OS) -> 7
- Server -> ALL
- Web App Firewall (WAF) -> 50+
Attacks
- Bash Commands Injection
- Blind SQL Injection
- Buffer Overflow
- Carriage Return Line Feed
- SQL Injection in Headers
- XSS in Headers
- HTML Injection
- LDAP Injection
- Local File Inclusion
- OS Commanding
- PHP Code Injection
- SQL Injection
- Server Side Injection
- XPath Injection
- Cross Site Scripting
- XML External Entity
Audit
- Apache Status Page
- Open Redirect
- PHPInfo
- Robots.txt
- XST
Bruteforce
- Admin Panel
- Common Backdoor
- Common Backup Dir
- Common Backup File
- Common Dir
- Common File
- Hidden Parameters
Disclosure
- Credit Cards
- Emails
- Private IP
- Errors -> (fatal errors,...)
- SSN
Installation
$ git clone https://github.com/m4ll0k/WAScan.git wascan
$ cd wascan
$ pip install BeautifulSoup
$ python wascan.py
Usage
Fingerprint:
$ python wascan.py --url http://xxxxx.com/ --scan 0
Attacks:
$ python wascan.py --url http://xxxxx.com/index.php?id=1 --scan 1
Audit:
$ python wascan.py --url http://xxxxx.com/ --scan 2
Bruteforce:
$ python wascan.py --url http://xxxxx.com/ --scan 3
Disclosure:
$ python wascan.py --url http://xxxxx.com/ --scan 4
Full Scan:
$ python wascan.py --url http://xxxxx.com --scan 5
Bruteforce Hidden Parameters:
$ python wascan.py --url http://xxxxx.com/test.php --brute
Advanced Usage
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --data "id=1" --method POST
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321"
$ python wascan.py --url http://xxxxx.com/test.php --scan 5 --auth "admin:1234" --proxy xxx.xxx.xxx.xxx --proxy-auth "root:4321 --ragent -v
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent