wascan
WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using black-box method, that means it won’t study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages,..etc.
Details
Category: Scanners
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/wascan:cf2f61d
Source URL: https://github.com/R3dFruitRollUp/WAScan
Parameters
auth
string
Command:
-a - HTTP Basic Authentication (user:pass)data
string
Command:
-d - Data to be sent via POST methodhost
string
Command:
-h - HTTP Host header valueproxy
string
Command:
-p - Use a proxy, (host:port)cookie
string
Command:
-c - HTTP Cookie header valueheaders
string
Command:
-H - Extra Headers (e.g: Host:site.com)referer
string
Command:
-R - HTTP Referer header valuetimeout
string
Command:
-t - Seconds to wait before timeout connectionredirect
string
Command:
-n - Set redirect target URL False (default=True)bruteforce
boolean
Command:
-b - Bruteforce hidden parametersproxy-auth
string
Command:
-P - Proxy Authentication, (user:pass)target-url
string
requiredCommand:
-u - Target URLuser-agent
string
Command:
-A - HTTP User-agent header valuehttp-method
string
Command:
-m - HTTP method, GET or POSTscan-option
string
requiredCommand:
-s - Choose scan option: 0 - Fingerprint, 1 - Attacks, 2 - Audit, 3 - Bruteforce, 4 - Disclosure, 5 - Full scanrandom-agent
boolean
Command:
-r - Use random User-agent header value