wapiti
Web vulnerability scanner written in Python3
Details
Category: Scanners
Publisher: trickest-mhmdiaa
Created Date: 9/7/2022
Container: quay.io/trickest/wapiti:3.1.3
Source URL: https://github.com/wapiti-scanner/wapiti
Parameters
url (required)
Type: string
Command: --url
Description: The base URL used to define the scan scope

data
Type: string
Command: --data
Description: Urlencoded data to send with the base URL if it is a POST request

skip
Type: string
Command: --skip
Description: Skip attacking given parameter(s)

color
Type: boolean
Command: --color
Description: Colorize output

depth
Type: string
Command: --depth
Description: Set how deep the scanner should explore the website

level
Type: string
Command: --level
Description: Set attack level

proxy
Type: string
Command: --proxy
Description: Set the HTTP(S) proxy to use. Supported: http(s) and socks proxies

scope
Type: string
Command: --scope
Description: Set scan scope (page, folder, domain, url, or punk)

start
Type: string
Command: --start
Description: Adds a URL to start the scan with

tasks
Type: string
Command: --tasks
Description: Number of concurrent tasks to use for the exploration (crawling) of the target.

cookie
Type: file
Command: --cookie
Description: Set a JSON cookie file to use.

format
Type: string
Command: --format
Description: Set output format. Supported: csv, html, json, txt, xml. Default is html.

header
Type: string
Command: --header
Description: Set a custom header to use for every request

module
Type: string
Command: --module
Description: List of modules to load

remove
Type: string
Command: --remove
Description: Remove this parameter from URLs

exclude
Type: string
Command: --exclude
Description: Adds a URL to exclude from the scan

timeout
Type: string
Command: --timeout
Description: Set timeout for requests in seconds

verbose
Type: string
Command: --verbose
Description: Set verbosity level (0: quiet, 1: normal, 2: verbose)

endpoint
Type: string
Command: --endpoint
Description: URL serving as endpoint for both attacker and target

auth-cred
Type: string
Command: --auth-cred
Description: Set HTTP authentication credentials

auth-type
Type: string
Command: --auth-type
Description: Set the authentication type to use (basic, digest, ntlm, or post)

scan-force
Type: string
Command: --scan-force
Description: Easy way to reduce the number of scanned and attacked URLs. Possible values: paranoid, sneaky, polite, normal, aggressive, insane

user-agent
Type: string
Command: --user-agent
Description: Set a custom user-agent to use for every request

verify-ssl
Type: string
Command: --verify-ssl
Description: Set SSL check (0 or 1, default is 0)

dns-endpoint
Type: string
Command: --dns-endpoint
Description: Domain serving as DNS endpoint for Log4Shell attack

no-bugreport
Type: boolean
Command: --no-bugreport
Description: Don't send automatic bug report when an attack module fails

max-scan-time
Type: string
Command: --max-scan-time
Description: Set how many seconds you want the scan to last (floats accepted)

max-parameters
Type: string
Command: --max-parameters
Description: URLs and forms having more than MAX input parameters will be erased before attack.

drop-set-cookie
Type: boolean
Command: --drop-set-cookie
Description: Ignore Set-Cookie header from HTTP responses

max-attack-time
Type: string
Command: --max-attack-time
Description: Set how many seconds you want each attack module to last (floats accepted)

external-endpoint
Type: string
Command: --external-endpoint
Description: URL serving as endpoint for target

internal-endpoint
Type: string
Command: --internal-endpoint
Description: URL serving as endpoint for attacker

max-files-per-dir
Type: string
Command: --max-files-per-dir
Description: Set how many pages the scanner should explore per directory

max-links-per-page
Type: string
Command: --max-links-per-page
Description: Set how many (in-scope) links the scanner should extract for each page