Name:wapiti
Category:Scanners
Publisher:trickest-mhmdiaa
Created:9/7/2022
Container:quay.io/trickest/wapiti:3.1.3
Output Type:
License:Unknown

Parameters

url
string
required
--urlThe base URL used to define the scan scope
data
string
--dataUrlencoded data to send with the base URL if it is a POST request
--skipSkip attacking given parameter(s)
color
boolean
--colorColorize output
depth
string
--depthSet how deep the scanner should explore the website
level
string
--levelSet attack level
proxy
string
--proxySet the HTTP(S) proxy to use. Supported: http(s) and socks proxies
scope
string
--scopeSet scan scope (page, folder, domain, url, or punk)
start
string
--startAdds a url to start scan with
tasks
string
--tasksNumber of concurrent tasks to use for the exploration (crawling) of the target.
cookie
file
--cookieSet a JSON cookie file to use.
format
string
--formatSet output format. Supported: csv, html, json, txt, xml. Default is html.
header
string
--headerSet a custom header to use for every requests
module
string
--moduleList of modules to load
remove
string
--removeRemove this parameter from urls
exclude
string
--excludeAdds a url to exclude from the scan
timeout
string
--timeoutSet timeout for requests in seconds
verbose
string
--verboseSet verbosity level (0: quiet, 1: normal, 2: verbose)
endpoint
string
--endpointURL serving as endpoint for both attacker and target
auth-cred
string
--auth-credSet HTTP authentication credentials
auth-type
string
--auth-typeSet the authentication type to use (basic, digest, ntlm, or post)
scan-force
string
--scan-forceEasy way to reduce the number of scanned and attacked URLs. Possible values: paranoid, sneaky, polite, normal, aggressive, insane
user-agent
string
--user-agentSet a custom user-agent to use for every requests
verify-ssl
string
--verify-sslSet SSL check (0 or 1, default is 0)
dns-endpoint
string
--dns-endpointDomain serving as DNS endpoint for Log4Shell attack
no-bugreport
boolean
--no-bugreportDon't send automatic bug report when an attack module fails
max-scan-time
string
--max-scan-timeSet how many seconds you want the scan to last (floats accepted)
max-parameters
string
--max-parametersURLs and forms having more than MAX input parameters will be erased before attack.
drop-set-cookie
boolean
--drop-set-cookieIgnore Set-Cookie header from HTTP responses
max-attack-time
string
--max-attack-timeSet how many seconds you want each attack module to last (floats accepted)
external-endpoint
string
--external-endpointURL serving as endpoint for target
internal-endpoint
string
--internal-endpointURL serving as endpoint for attacker
max-files-per-dir
string
--max-files-per-dirSet how many pages the scanner should explore per directory
max-links-per-page
string
--max-links-per-pageSet how many (in-scope) links the scanner should extract for each page