Details

Category: Scanners

Publisher: trickest-mhmdiaa

Created Date: 9/7/2022

Container: quay.io/trickest/wapiti:3.1.3

Source URL: https://github.com/wapiti-scanner/wapiti

Parameters

url
string
required
Command: --url - The base URL used to define the scan scope
data
string
Command: --data - Urlencoded data to send with the base URL if it is a POST request
Command: --skip - Skip attacking given parameter(s)
color
boolean
Command: --color - Colorize output
depth
string
Command: --depth - Set how deep the scanner should explore the website
level
string
Command: --level - Set attack level
proxy
string
Command: --proxy - Set the HTTP(S) proxy to use. Supported: http(s) and socks proxies
scope
string
Command: --scope - Set scan scope (page, folder, domain, url, or punk)
start
string
Command: --start - Adds a url to start scan with
tasks
string
Command: --tasks - Number of concurrent tasks to use for the exploration (crawling) of the target.
cookie
file
Command: --cookie - Set a JSON cookie file to use.
format
string
Command: --format - Set output format. Supported: csv, html, json, txt, xml. Default is html.
header
string
Command: --header - Set a custom header to use for every requests
module
string
Command: --module - List of modules to load
remove
string
Command: --remove - Remove this parameter from urls
exclude
string
Command: --exclude - Adds a url to exclude from the scan
timeout
string
Command: --timeout - Set timeout for requests in seconds
verbose
string
Command: --verbose - Set verbosity level (0: quiet, 1: normal, 2: verbose)
endpoint
string
Command: --endpoint - URL serving as endpoint for both attacker and target
auth-cred
string
Command: --auth-cred - Set HTTP authentication credentials
auth-type
string
Command: --auth-type - Set the authentication type to use (basic, digest, ntlm, or post)
scan-force
string
Command: --scan-force - Easy way to reduce the number of scanned and attacked URLs. Possible values: paranoid, sneaky, polite, normal, aggressive, insane
user-agent
string
Command: --user-agent - Set a custom user-agent to use for every requests
verify-ssl
string
Command: --verify-ssl - Set SSL check (0 or 1, default is 0)
dns-endpoint
string
Command: --dns-endpoint - Domain serving as DNS endpoint for Log4Shell attack
no-bugreport
boolean
Command: --no-bugreport - Don't send automatic bug report when an attack module fails
max-scan-time
string
Command: --max-scan-time - Set how many seconds you want the scan to last (floats accepted)
max-parameters
string
Command: --max-parameters - URLs and forms having more than MAX input parameters will be erased before attack.
drop-set-cookie
boolean
Command: --drop-set-cookie - Ignore Set-Cookie header from HTTP responses
max-attack-time
string
Command: --max-attack-time - Set how many seconds you want each attack module to last (floats accepted)
external-endpoint
string
Command: --external-endpoint - URL serving as endpoint for target
internal-endpoint
string
Command: --internal-endpoint - URL serving as endpoint for attacker
max-files-per-dir
string
Command: --max-files-per-dir - Set how many pages the scanner should explore per directory
max-links-per-page
string
Command: --max-links-per-page - Set how many (in-scope) links the scanner should extract for each page