wascan
WAScan ((W)eb (A)pplication (Scan)ner) is an open source web application security scanner. It is designed to find various vulnerabilities using the black-box method: it does not study the source code of web applications but works like a fuzzer, scanning the pages of the deployed web application, extracting links and forms, attacking the scripts, sending payloads and looking for error messages, etc.
Details
Category: Scanners
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/wascan:cf2f61d
Source URL: https://github.com/R3dFruitRollUp/WAScan
Parameters
auth
string
Command:
-a
- HTTP Basic Authentication (user:pass)

data
string
Command:
-d
- Data to be sent via POST method

host
string
Command:
-h
- HTTP Host header value

proxy
string
Command:
-p
- Use a proxy, (host:port)

cookie
string
Command:
-c
- HTTP Cookie header value

headers
string
Command:
-H
- Extra Headers (e.g: Host:site.com)

referer
string
Command:
-R
- HTTP Referer header value

timeout
string
Command:
-t
- Seconds to wait before timeout connection

redirect
string
Command:
-n
- Set redirect target URL False (default=True)

bruteforce
boolean
Command:
-b
- Bruteforce hidden parameters

proxy-auth
string
Command:
-P
- Proxy Authentication, (user:pass)

target-url
string
required
Command:
-u
- Target URL

user-agent
string
Command:
-A
- HTTP User-agent header value

http-method
string
Command:
-m
- HTTP method, GET or POST

scan-option
string
required
Command:
-s
- Choose scan option: 0 - Fingerprint, 1 - Attacks, 2 - Audit, 3 - Bruteforce, 4 - Disclosure, 5 - Full scan

random-agent
boolean
Command:
-r
- Use random User-agent header value